FileTransferClient: password is output if LogWriter LogLevel is set to Verbose

0 votes
asked Aug 28 by sparkplug (220 points)

I am using a LogWriter for the FileTransferClient class which descends from LogWriterBase.

If LogLevel is set to Info, the password is written out as **********. e.g.

Command: USER sparky
Response: 331 Password required for sparky
Command: PASS **********
Response: 230 Logged on

However, if the LogLevel is set to Verbose, the password is written to the log. e.g.

Info: Sent data over control connection:  
 0000 |55-53-45-52-20-73-70-61 72-6B-79-0D-0A         | USER sparky..
Info: Received data over control connection:  
 0000 |33-33-31-20-50-61-73-73 77-6F-72-64-20-72-65-71| 331 Password req
 0010 |75-69-72-65-64-20-66-6F 72-20-73-70-61-72-6B-79| uired for sparky
 0020 |0D-0A                                          | ..
Info: Sent data over control connection:  
 0000 |50-41-53-53-20-xx-xx-xx xx-xx-xx-xx-xx-xx-xx-0D| PASS ThePassword.
 0010 |0A                                             | .
Info: Received data over control connection:  
 0000 |32-33-30-20-4C-6F-67-67 65-64-20-6F-6E-0D-0A   | 230 Logged on..

I can use a regular expression to replace this in the overridden Write method, but it should probably be changed to work the same way as LogLevel.Info?

Applies to: Rebex FTP/SSL

1 Answer

+1 vote
answered Aug 28 by Lukas Matyska (47,270 points)
selected Aug 28 by sparkplug
 
Best answer

This is known behavior. The Verbose data is logged at the socket level as raw outgoing data (Sent data over control connection). For the socket, it is just ordinary raw data.

We will address this and mask raw password data in one of the next releases.

commented Aug 28 by sparkplug (220 points)
Cool, thanks
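
The workaround mentioned in the question (rewriting the message in the overridden Write method), as an added example that is not part of the original thread and is not Rebex code. `VerboseLogRedactor.Redact` is a hypothetical helper; it assumes the Verbose message reaches the log writer as text in the hex-dump layout shown in the question, and the sample dump with the password `hunter2` is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;
// Added example, not Rebex code: masks the PASS argument in a Verbose hex dump.
public static class VerboseLogRedactor
{
    // One dump line in the layout shown in the question: " 0000 |50-41-...| PASS ..."
    static readonly Regex DumpLine = new Regex(
        @"^(?<head>\s*[0-9A-Fa-f]{4} \|)(?<hex>[^|]*)(?<sep>\| ?)(?<ascii>.*?)(?<eol>\r?)$");
    static readonly Regex HexByte = new Regex("[0-9A-Fa-f]{2}");

    public static string Redact(string message)
    {
        string[] lines = message.Split('\n');
        var data = new List<byte>();       // pass 1: rebuild raw bytes from the hex column
        foreach (string line in lines)
            foreach (Match b in HexByte.Matches(DumpLine.Match(line).Groups["hex"].Value))
                data.Add(Convert.ToByte(b.Value, 16));
        string text = Encoding.ASCII.GetString(data.ToArray());
        if (!text.StartsWith("PASS ", StringComparison.OrdinalIgnoreCase))
            return message;                // not a password command: leave untouched
        int end = text.IndexOf('\r');      // keep the trailing CR LF visible
        if (end < 0) end = text.Length;
        int index = 0;                     // pass 2: byte position across the whole dump
        for (int i = 0; i < lines.Length; i++)
        {
            GroupCollection g = DumpLine.Match(lines[i]).Groups;
            if (!g[0].Success) continue;   // header or other non-dump line
            int start = index;
            string hex = HexByte.Replace(g["hex"].Value, h =>
            {
                int pos = index++;         // bytes 5..end-1 are the password
                return pos >= 5 && pos < end ? "2A" : h.Value;
            });
            char[] ascii = g["ascii"].Value.ToCharArray();
            for (int k = 0; k < ascii.Length && start + k < index; k++)
                if (start + k >= 5 && start + k < end) ascii[k] = '*';
            lines[i] = g["head"].Value + hex + g["sep"].Value + new string(ascii) + g["eol"].Value;
        }
        return string.Join("\n", lines);
    }

    public static void Main()              // constructed sample; "hunter2" is made up
    {
        Console.WriteLine(Redact("Info: Sent data over control connection:\n" +
            " 0000 |50-41-53-53-20-68-75-6E 74-65-72-32-0D-0A      | PASS hunter2.."));
    }
}
```

Because the mask is applied by byte position rather than by matching the password text, it also covers a password that wraps onto a second dump line, and it rewrites the hex column as well as the ASCII column.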