Write only ***** as password in installation log file

Jens Mühlenhoff shared this problem 2 years ago
Defect Logged

We have installed YellowFin and found the plain text password in the installation log files.


Please write only the ****** as password into the log file -- but any way, passwords should never placed into any log file :). Thanks.


Regards,


Jens

Comments (1)

photo
1

Hi Jens,

Thanks for getting in touch about this. I actually noticed this myself a couple of weeks ago when doing an installation. As far as I can tell, (not that this makes this situation any better) the passwords only get written to the install log when installing via the command line. The passwords are not written to the log when the GUI installer option is used. Anyways, I raised this internally to be addressed by our development team as soon as I found it. For your reference, the internal tracking id of the item is YFN-7341.

I fully agree with you that we should be writing ****** in there, so hopefully this can be addressed quickly! I'll let you know here as soon as I have any updates.

Thanks,

-Conner