1
Vote

The log files store Password

description

While accessing the FTP server, the log files write the FTP Password. It is a security problem.
Currently the code:
private void ProcessCommand(FtpState state, string command, string arguments) {
        log.DebugFormat("command received [{0}] with arguments [{1}]", command, arguments);
        ..................................
}
It needs to modify, supposed to be like this:
private void ProcessCommand(FtpState state, string command, string arguments) {
       string logArguments = string.Compare("PASS", command, true) == 0 ? "********" : arguments
        log.DebugFormat("command received [{0}] with arguments [{1}]", command, logArguments );
        .....................................
}
 
It will change the arguments when deal with command PASS, rather than write the plain password, it will write ****** to log files.

comments