0 votes
by (220 points)

I am using a LogWriter for the FileTransferClient class which descends from LogWriterBase.

If LogLevel is set to Info, the password is written out as **********. e.g.

Command: USER sparky
Response: 331 Password required for sparky
Command: PASS **********
Response: 230 Logged on

However, if the LogLevel is set to Verbose, the password is written to the log. e.g.

Info: Sent data over control connection:  
 0000 |55-53-45-52-20-73-70-61 72-6B-79-0D-0A         | USER sparky..
Info: Received data over control connection:  
 0000 |33-33-31-20-50-61-73-73 77-6F-72-64-20-72-65-71| 331 Password req
 0010 |75-69-72-65-64-20-66-6F 72-20-73-70-61-72-6B-79| uired for sparky
 0020 |0D-0A                                          | ..
Info: Sent data over control connection:  
 0000 |50-41-53-53-20-xx-xx-xx xx-xx-xx-xx-xx-xx-xx-0D| PASS ThePassword.
 0010 |0A                                             | .
Info: Received data over control connection:  
 0000 |32-33-30-20-4C-6F-67-67 65-64-20-6F-6E-0D-0A   | 230 Logged on..

I can use a regular expression to replace this in the overridden Write method, but it should probably be changed to work the same way as LogLevel.Info?

Applies to: Rebex FTP/SSL

1 Answer

+1 vote
by (70.2k points)
selected by
 
Best answer

This is known behavior. The Verbose data is logged at the socket level as raw outgoing data (Sent data over control connection). For socket, it is just an ordinary raw data.

We will address this and mask raw password data in one of next releases.

by (220 points)
Cool, thanks
by (144k points)
This has been addressed in 2018 R3 release:
https://www.rebex.net/total-pack/history.aspx#2018R3
...