On Tue, Jun 08, 2004 at 07:06:57PM -0700, Michael Stenner wrote: > On Tue, Jun 08, 2004 at 03:50:29PM -0500, Michael Favia wrote: > > I would agree with scrubbing the URI OK, I just had another thought that reduces my motivation to pursue this url-scrubbing thing. We're trying to prevent a regular user from getting the password, right? Scrubbing the logging messages is kinda silly when they can just read the config file. So, if you really want the users to not see the password, you should lock down the config file, at which point, they can't run yum anyway. Surely, people are going to suggest crazy schemes for solving this problem, but I'll be really surprised if anyone feels it's actually valuable enough to implement. -Michael -- Michael D. Stenner mstenner@xxxxxxxxxxxxxxx ECE Department, the University of Arizona 520-626-1619 1230 E. Speedway Blvd., Tucson, AZ 85721-0104 ECE 524G
