Date: Sat, 17 Sep 2005 12:34:25 -0500
From: Mr Duck <tld@...eexamples.org>
To: popa3d-users@...ts.openwall.com
Subject: Re: Patch to include the username in all syslog messages

Solar Designer wrote:
>> Fredrik wrote:
>> It is a patch that adds the username (or mailbox, which should
>> be the same most of the time) to all syslog messages that popa3d
>> writes. It is very useful for detecting users that misspell
>> usernames, or use incorrect case when typing the username.
> Yes. Unfortunately, a side-effect is that you will also get some
> plaintext passwords logged since some users are dumb enough to
> enter their password in place of username. This was one of two
> reasons for

It is unfortunate that someone would do this, but not enough of a reason to cause any significant influence, IMHO. Plus, a simple password scan could check the unknown username against the password list, and look for matches. That would at least provide an opportunity to do some adjustment so that their plain password was not fully displayed... not really worth it IMHO, but if someone was concerned over this...

> not logging unknown usernames. The other reason is that unknown
> usernames may contain any "garbage" characters, including terminal
> controls, making it unsafe to browse logs on some systems (where syslogd
> does not filter or escape potential terminal controls) unless special
> precautions are taken (e.g., "less -U" is OK, "more" or plain "grep ..."
> with output to the terminal are not).

An easy fix. Before any logging is done with an unknown username, parse it for "garbage" characters, and replace them with something non-garbage...

Of anything that I think popa3d should contain, this patch is *the* one. It's not fun to track logs when you can't tell which line is for what user.

Besides, if your reasons for not displaying unknown usernames are really that important, then here is an alternate idea. Each full session is given a unique instance ID. This ID is logged with every log item. This way, the password/garbage char concerns would be addressed, and log-watchers like myself and Fredrik will have something easy to link log entries.

Bear in mind, this is my opinion and nothing more. I'm not the one who wrote and is supporting the pop server. (= but, I am a user of the server and as such, feel that my opinion counts for something, if only a voice. (=

Brad/TLD
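
The "parse it for garbage characters" idea from the message above, as an added example that is not part of the original post and is not popa3d's code: it hex-escapes every byte that could act as a terminal control or split a log field before the name reaches syslog. The function names, buffer size and log message text are assumptions made for illustration, and the escaping does nothing about the separate concern of a password typed in place of the username.

```c
#include <string.h>
#include <syslog.h>

/* Copy an untrusted username into out[], writing every byte outside
 * 0x21..0x7e (controls, space, 8-bit) and the backslash itself as \xHH, so
 * terminal controls and newlines never reach the log verbatim. Always
 * NUL-terminates; returns 1 if the whole name fit, 0 if it was cut short. */
int escape_username(const char *in, char *out, size_t outsize)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsize == 0)
        return 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        int plain = (c > 0x20 && c <= 0x7e && c != '\\');
        size_t need = plain ? 1 : 4;

        if (o + need >= outsize) {  /* keep room for the terminator */
            out[o] = '\0';
            return 0;
        }
        if (plain) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return 1;
}

/* Hypothetical call site (message text is constructed, not popa3d's). */
void log_unknown_user(const char *username)
{
    char safe[128];
    int whole = escape_username(username, safe, sizeof(safe));
    syslog(LOG_NOTICE, "login failed user=%s%s", safe, whole ? "" : "...");
}

int main(void)
{
    log_unknown_user("bob\033[2J\nroot");  /* constructed hostile input */
    return 0;
}
```

Escaping the backslash as well keeps the output unambiguous, so a logged `\x1b` can only mean that an ESC byte was sent, never that the client typed those four characters.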