[PATCH] test: don't print Passphrase

Marcel Holtmann marcel at holtmann.org
Tue Jan 25 05:22:56 PST 2011


Hi Jussi,

> >> The test scripts are useful when asking users for debugging info,
> >> but the sensitive information makes using the output on open forums
> >> problematic.
> >> ---
> >>  test/get-services  |    2 ++
> >>  test/list-services |    2 ++
> >>  test/test-manager  |    2 ++
> >>  3 files changed, 6 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/test/get-services b/test/get-services
> >> index 29d4ea0..8088012 100755
> >> --- a/test/get-services
> >> +++ b/test/get-services
> >> @@ -50,6 +50,8 @@ for entry in services:
> >>  				val = "false"
> >>  		elif key in ["Strength"]:
> >>  			val = int(properties[key])
> >> +		elif key in ["Passphrase"]:
> >> +			val = "<redacted>"
> > 
> > I do see your point here that you are trying to protect something, but
> > is it really worth protecting? I have no problem with doing so, but you
> > might wanna better add a switch to show passphrases then as well. Since
> > you will need that for debugging as well.
> 
> I think it is worth it, not because the data is necessarily so important
> but because of a social issue -- From several cases I an tell that
> people do not take it well when they realise they've just posted to the
> web something _they consider_ a secret. I know I could just remember to
> ask for
>     ./list-services | grep -v "Passphrase ="
> but I've personally found myself unable to remember to do that and I bet
> I'm not the only one. I think the default should be "don't print secrets".
> 
> I can add a --print-secrets switch to include the passphrase. Originally
> I did not include it to keep the scripts simple.

then lets do that. Mainly, because for debugging on the device it is
important to actually see the secrets.

Regards

Marcel





More information about the connman mailing list