Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
RE: Do not display password value in verbose output
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Darius Panahy via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 21 Nov 2022 15:54:16 +0000
I am outputting to a file so it is no big deal to re-write the logfile contents without the PASS, but not ideal since if it crashes, it might leave the output file with the password.
However an idea would be a new option to not include password in verbose output (say CURLOPT_VERBOSE_NOPWD ) or a new value for CURLOPT_VERBOSE, say 2L = no password.
-----Original Message-----
From: Daniel Stenberg <daniel_at_haxx.se>
Sent: 21 November 2022 15:50
To: Darius Panahy via curl-library <curl-library_at_lists.haxx.se>
Cc: Darius Panahy <darius.panahy_at_iet.co.uk>
Subject: Re: Do not display password value in verbose output
On Mon, 21 Nov 2022, Darius Panahy via curl-library wrote:
> Whilst verbose output (CURLOPT_VERBOSE ) is useful, it also writes out
> the password value in clear. Can this be prevented or configured to
> mask the password?
That will be difficult as some of that showing is protcol data it shows verbatim. But I'm open for ideas.
Date: Mon, 21 Nov 2022 15:54:16 +0000
I am outputting to a file so it is no big deal to re-write the logfile contents without the PASS, but not ideal since if it crashes, it might leave the output file with the password.
However an idea would be a new option to not include password in verbose output (say CURLOPT_VERBOSE_NOPWD ) or a new value for CURLOPT_VERBOSE, say 2L = no password.
-----Original Message-----
From: Daniel Stenberg <daniel_at_haxx.se>
Sent: 21 November 2022 15:50
To: Darius Panahy via curl-library <curl-library_at_lists.haxx.se>
Cc: Darius Panahy <darius.panahy_at_iet.co.uk>
Subject: Re: Do not display password value in verbose output
On Mon, 21 Nov 2022, Darius Panahy via curl-library wrote:
> Whilst verbose output (CURLOPT_VERBOSE ) is useful, it also writes out
> the password value in clear. Can this be prevented or configured to
> mask the password?
That will be difficult as some of that showing is protcol data it shows verbatim. But I'm open for ideas.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-11-21