[PATCH] test: don't print Passphrase

Jussi Kukkonen jku at linux.intel.com
Tue Jan 25 05:11:50 PST 2011


On 01/25/2011 01:43 PM, Marcel Holtmann wrote:
> Hi Jussi,
> 
>> The test scripts are useful when asking users for debugging info,
>> but the sensitive information makes using the output on open forums
>> problematic.
>> ---
>>  test/get-services  |    2 ++
>>  test/list-services |    2 ++
>>  test/test-manager  |    2 ++
>>  3 files changed, 6 insertions(+), 0 deletions(-)
>>
>> diff --git a/test/get-services b/test/get-services
>> index 29d4ea0..8088012 100755
>> --- a/test/get-services
>> +++ b/test/get-services
>> @@ -50,6 +50,8 @@ for entry in services:
>>  				val = "false"
>>  		elif key in ["Strength"]:
>>  			val = int(properties[key])
>> +		elif key in ["Passphrase"]:
>> +			val = "<redacted>"
> 
> I do see your point here that you are trying to protect something, but
> is it really worth protecting? I have no problem with doing so, but you
> might wanna better add a switch to show passphrases then as well. Since
> you will need that for debugging as well.

I think it is worth it, not because the data is necessarily so important
but because of a social issue -- From several cases I an tell that
people do not take it well when they realise they've just posted to the
web something _they consider_ a secret. I know I could just remember to
ask for
    ./list-services | grep -v "Passphrase ="
but I've personally found myself unable to remember to do that and I bet
I'm not the only one. I think the default should be "don't print secrets".

I can add a --print-secrets switch to include the passphrase. Originally
I did not include it to keep the scripts simple.

 - Jussi



More information about the connman mailing list