Logging: Purge Debug Info from Logs
Please implement a method that allows to clean log files on the box from debug information after debugging has been conducted.
A customer approached me today complaining about passwords visible in clear text after reviewing his log files. It turned out that auth debugging for the http proxy was enabled and hence the log files showed clear text passwords. I turned it off, but in order to keep the useful info in the log files without compromising the password security, it would be nice if one could "wipe" all debug data after a debugging session from the log files on the box.
My 2011 Nov 25 complaint below has been addressed in V9.
There are two related issues.
- 1- I typed my username someplace else (not sure where), and then watched the keyboard to be sure I didn't make a mistake in my password. I looked up to see that I'd typed the password in the username field, and immediately got an email with my password in clear text. Obviously, I had to change that in several places. Frustrating.
- 2- There's an active thread on the User BB started by Ismetoo9 wanting to know how to erase/prevent changed passwords appearing for the Up2Date Parent Proxy.
From the debugging point of view it is sometimes beneficial to see the actually typed pw. Other reasons would be to limit the log space used and to speed up log file search once the debugging session has been conducted.
It seems easier to log "Correct Password" or "Bad Password" instead. Is there any other reason to want to erase debug info?