commit cc8531b8678d7ba7981f2735382ecff80f9c326f Author: David Fifield <david@bamsoftware.com> Date: Thu Sep 20 10:13:55 2012 -0700 Don't try to hide the LOGIN imaplib log. The username and password are leaked anyway through other messages like this: 49:07.85 last 3 IMAP4 interactions: 49:07.56 > DIHD1 LOGIN "example@gmail.com" "..." To avoid these logs, just don't use the --imaplib-debug option. --- facilitator/facilitator-email-poller | 8 +------- 1 files changed, 1 insertions(+), 7 deletions(-) diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller index 4b94460..f849fd0 100755 --- a/facilitator/facilitator-email-poller +++ b/facilitator/facilitator-email-poller @@ -88,7 +88,7 @@ them, and forwards the registrations to the facilitator. -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s"). -h, --help show this help. -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s"). - --imaplib-debug show raw IMAP messages. + --imaplib-debug show raw IMAP messages (will include email password). -k, --key=KEYFILE read a facilitator private key from KEYFILE. -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). -p, --pass=PASSFILE use the email password contained in PASSFILE. @@ -283,14 +283,8 @@ def imap_login(): raise ValueError("Public key does not match pin: got %s but expected %s" % (pubkey_digest.encode("hex"), PUBKEY_SHA1.encode("hex"))) - pre_debug = imap.debug - if options.safe_logging: - # Don't log the login call without --unsafe-logging because it contains a - # secret password. - imap.debug = 0 log(u"logging in as %s" % options.email_addr) imap.login(options.email_addr, email_password) - imap.debug = pre_debug return imap