Add mechanism to censor login passwords #695
Replies: 5 comments
-
There needs to remain a way to trace back activity of password owners in logs (in case of abusive moderation for example). Currently there is no other way to be sure than checking whose password was used for login. |
Beta Was this translation helpful? Give feedback.
-
How about this. It censors but lets you traceback to which password was used.
[passwords]
admin = ["adminpass1", "adminpass2"] |
Beta Was this translation helpful? Give feedback.
-
That would be great. Also improves log readability, before you couldn't see directly which role was used for the login. Maybe for people not familiar with indexes, using a text like |
Beta Was this translation helpful? Give feedback.
-
hashing?
|
Beta Was this translation helpful? Give feedback.
-
@xtreme8000 that would only help if you had some easy way of mapping the hash back to the user |
Beta Was this translation helpful? Give feedback.
-
#511 exposed that we currently save passwords in e.g. the /login command in our logs
Beta Was this translation helpful? Give feedback.
All reactions