Don't EVER log passwords

author: Thomas Bruederli <thomas@roundcube.net> 2014-02-03 15:34:55 +0100
committer: Thomas Bruederli <thomas@roundcube.net> 2014-02-03 15:34:55 +0100
commit: 774deaded1bc782b6a2670720e0fde3c7df7cde4 (patch)
tree: a7cc8e01e82021040cea74766d7eccc48e148680 /plugins/password
parent: 03f1691d4797267513fb29019bdd96ca28a899a9 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 47e3b07de..3e167ea5b 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -113,7 +113,7 @@ class rcube_ldap_simple_password
             return PASSWORD_CRYPT_ERROR;
         }
 
-        $this->_debug("C: Bind $binddn [pass: $bindpw]");
+        $this->_debug("C: Bind $binddn, pass: **** [" . strlen($bindpw) . "]");
 
         // Bind
         if (!ldap_bind($ds, $binddn, $bindpw)) {
@@ -175,7 +175,7 @@ class rcube_ldap_simple_password
             return null;
         }
 
-        $this->_debug("C: Bind $search_user [pass: $search_pass]");
+        $this->_debug("C: Bind $search_user, pass: **** [" . strlen($search_pass) . "]");
 
         // Bind
         if (!ldap_bind($ds, $search_user, $search_pass)) {
author	Thomas Bruederli <thomas@roundcube.net>	2014-02-03 15:34:55 +0100
committer	Thomas Bruederli <thomas@roundcube.net>	2014-02-03 15:34:55 +0100
commit	774deaded1bc782b6a2670720e0fde3c7df7cde4 (patch)
tree	a7cc8e01e82021040cea74766d7eccc48e148680 /plugins/password
parent	03f1691d4797267513fb29019bdd96ca28a899a9 (diff)