[wp-trac] [WordPress Trac] #10699: Password Expose Bug in XML-RPC Debugging
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 26 04:30:51 UTC 2011
#10699: Password Expose Bug in XML-RPC Debugging
--------------------------+-----------------------------
 Reporter:  keithdsouza   |       Owner:  ryan
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  Security      |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  close         |
--------------------------+-----------------------------
Changes (by solarissmoke):
* keywords: => close
Comment:
The XML-RPC logger currently logs raw incoming HTTP post data. In order to
hide the password, you would need to parse the XML first to determine
where it is before you could obfuscate it. This has the potential to
obfuscate the wrong thing (especially if you're testing and your XML is
not correct), in which case you would defeat the purpose of writing a
debug log.
Proposing wontfix. Maybe we could just add an extra warning in the inline
docs: Don't use this in a production environment.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10699#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
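
The tradeoff raised in the comment above, as an added example (not WordPress core code and not taken from the ticket): redacting the password requires parsing the call to find a parameter position that differs per method, so this sketch withholds any body it cannot parse or does not recognise instead of guessing. The function name, the position map and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not WordPress core code.
// Zero-based position of the password <param> for a few XML-RPC methods.
// It differs per method, so it cannot be located without parsing the call.
const PASSWORD_PARAM_INDEX = [
    'wp.getUsersBlogs'      => 1, // username, password
    'metaWeblog.newPost'    => 2, // blogid, username, password, ...
    'blogger.getUsersBlogs' => 2, // appkey, username, password
    'blogger.deletePost'    => 3, // appkey, postid, username, password, ...
];

function redact_xmlrpc_for_log(string $raw): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // collect parse errors quietly
    $ok   = $raw !== '' && $doc->loadXML($raw, LIBXML_NONET);
    $err  = libxml_get_last_error();
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    // Fail closed: never guess at a body that is malformed or carries a DOCTYPE.
    if (!$ok || $doc->doctype !== null) {
        $where = $err ? sprintf(', parse error at line %d col %d', $err->line, $err->column) : '';
        return sprintf('[body withheld: %d bytes%s]', strlen($raw), $where);
    }
    $xp     = new DOMXPath($doc);
    $method = trim($xp->evaluate('string(/methodCall/methodName)'));
    $params = $xp->query('/methodCall/params/param');
    $idx    = array_key_exists($method, PASSWORD_PARAM_INDEX) ? PASSWORD_PARAM_INDEX[$method] : -1;
    $value  = ($idx >= 0 && $idx < $params->length)
        ? $xp->query('value', $params->item($idx))->item(0) : null;
    if ($value === null) {
        // Unknown method or unexpected shape: the password position is not known.
        return sprintf('[body withheld: %d bytes, unrecognised method or shape]', strlen($raw));
    }
    while ($value->firstChild) {
        $value->removeChild($value->firstChild);
    }
    $value->appendChild($doc->createElement('string', '[REDACTED]'));
    return $doc->saveXML($doc->documentElement);
}

// Constructed sample requests (not captured traffic).
$good = '<?xml version="1.0"?><methodCall><methodName>wp.getUsersBlogs</methodName><params>'
      . '<param><value><string>alice</string></value></param>'
      . '<param><value><string>s3cret</string></value></param></params></methodCall>';
$broken = substr($good, 0, -20); // truncated, so no longer well-formed

echo redact_xmlrpc_for_log($good), "\n";
echo redact_xmlrpc_for_log($broken), "\n";
```

The redacted output is re-serialised by the parser, so it is not byte-for-byte what the client sent, which matters when the log is being used to debug a client's encoding.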