#1
|
|||
|
|||
Do not write hoster login data to log files
Hi,
I just noticed that JDownloader2 writes my hoster login data, including the password, to the log files. And not just a few times, quite often. Seems like two files are affected for me, but one of that is hoster specific: File 1: jd.controlling.downloadcontroller.DownloadWatchDog.log.0 Example lines: Code:
--ID:134TS:1426610665844-17.03.15 17:44:25 - [jd.controlling.downloadcontroller.DownloadWatchDog(attach)] -> Start new Download: Host:DownloadCandidate:FILENAME@share-online.biz|Host share-online.biz|Account:Plugin:premiumize.me|Version:29403|Type:MULTI|Account:MYUSERNAME:MYPASSWORD@premiumize.me=true Property: {IS_MULTI_HOSTER_ACCOUNT=true, extuid=MYUSERNAME, LATEST_VALID_TIMESTAMP=1426609613854, VALID_UNTIL=1442052970000} AccInfo: Property: {multiHostSupport=[1fichier.com, 4shared.com, depfile.com, depositfiles.com, extmatrix.com, filepost.com, filer.net, filerio.in, gigapeta.com, hugefiles.net, kingfiles.net, letitbit.net, movshare.net, netload.in, novamov.com, nowvideo.ch, oboom.com, purevid.com, rapidgator.net, salefiles.com, share-online.biz, shareflare.net, speedyshare.com, streamcloud.eu, turbobit.net, uploadto.us, uptobox.com, videoweed.es, vip-file.com], connection_settings={all={max_connections_per_file=15, max_connections_per_hoster=75, resume=true}, uploaded.net={max_connections_per_file=10, max_connections_per_hoster=20, resume=true}, uploaded.to={max_connections_per_file=10, max_connections_per_hoster=20, resume=true}, bitshare.com={max_connections_per_file=5, max_connections_per_hoster=10, resume=true}}}|Proxy:Direkt --ID:134TS:1426610727417-17.03.15 17:45:27 - [jd.controlling.downloadcontroller.DownloadWatchDog(setFinalLinkStatus)] -> DownloadCandidate:FILENAME@share-online.biz|Host share-online.biz|Account:Plugin:premiumize.me|Version:29403|Type:MULTI|Account:MYUSERNAME:MYPASSWORD@premiumize.me=true Property: {IS_MULTI_HOSTER_ACCOUNT=true, extuid=MYUSERNAME, LATEST_VALID_TIMESTAMP=1426610710393, VALID_UNTIL=1442052970000} AccInfo: Property: {multiHostSupport=[1fichier.com, 4shared.com, depfile.com, depositfiles.com, extmatrix.com, filepost.com, filer.net, filerio.in, gigapeta.com, hugefiles.net, kingfiles.net, letitbit.net, movshare.net, netload.in, novamov.com, nowvideo.ch, oboom.com, purevid.com, rapidgator.net, salefiles.com, share-online.biz, shareflare.net, speedyshare.com, streamcloud.eu, turbobit.net, uploadto.us, uptobox.com, videoweed.es, vip-file.com], connection_settings={all={max_connections_per_file=15, max_connections_per_hoster=75, resume=true}, uploaded.net={max_connections_per_file=10, max_connections_per_hoster=20, resume=true}, uploaded.to={max_connections_per_file=10, max_connections_per_hoster=20, resume=true}, bitshare.com={max_connections_per_file=5, max_connections_per_hoster=10, resume=true}}}|Proxy:Direkt->CONNECTION_ISSUES File 2: share-online.biz_premiumize.me.log.0 Example lines: Code:
--ID:137TS:1426610665855-17.03.15 17:44:25 - [jd.controlling.downloadcontroller.SingleDownloadController(download)] -> DownloadCandidate: DownloadCandidate:FILENAME@share-online.biz|Host share-online.biz|Account:Plugin:premiumize.me|Version:29403|Type:MULTI|Account:MYUSERNAME:MYPASSWORD@premiumize.me=true Property: {IS_MULTI_HOSTER_ACCOUNT=true, extuid=MYUSERNAME, LATEST_VALID_TIMESTAMP=1426609613854, VALID_UNTIL=1442052970000} AccInfo: Property: {multiHostSupport=[1fichier.com, 4shared.com, depfile.com, depositfiles.com, extmatrix.com, filepost.com, filer.net, filerio.in, gigapeta.com, hugefiles.net, kingfiles.net, letitbit.net, movshare.net, netload.in, novamov.com, nowvideo.ch, oboom.com, purevid.com, rapidgator.net, salefiles.com, share-online.biz, shareflare.net, speedyshare.com, streamcloud.eu, turbobit.net, uploadto.us, uptobox.com, videoweed.es, vip-file.com], connection_settings={all={max_connections_per_file=15, max_connections_per_hoster=75, resume=t... URL: **External links are only visible to Support Staff**MYUSERNAME¶ms[pass]=MYPASSWORD¶ms[link]=LINKTOFILE GET /pm-api/v1.php?method=directdownloadlink¶ms[login]=MYUSERNAME¶ms[pass]=MYPASSWORD¶ms[link]=LINKTOFILE HTTP/1.1 Referer: **External links are only visible to Support Staff**MYUSERNAME¶ms[pass]=MYPASSWORD¶ms[link]=LINKTOFILE Could you please change that? Writing clear text passwords to files is never a good idea, but if those are also send when creating a jdlog link it's even worse. |
#2
|
||||
|
||||
We had this discussion already - I see no reason for this.
I just checked and it seems like there is no way to disable logging completely at the moment. However, you can limit the number of max logs to 1, see Setting --> Advanced Settings --> Log: Max Log Files GreeZ psp
__________________
JD Supporter, Plugin Dev. & Community Manager
Erste Schritte & Tutorials || JDownloader 2 Setup Download |
#3
|
|||
|
|||
It's your decision of course, but in my opinion there is always a reason for security and privacy.
|
#4
|
||||
|
||||
Hm maybe I'm wrong but as said - I cannot find any option to completely disable logging in JD2 at the moment and we definitly had this for the old JD1.
What do you think - would such an option solve the "privacy issues" for you? The only problem I see is if you e.g. got a virus and they steal your passwords via your logs (and/or login cookies)...BUT as long as you still got your accounts in JD, this would also be possible without logging. And about your concerns when uploading logs: Only qualified supporters have access to these logs and we respect your privacy. If you search our board/the net you will not find any articles about stolen accounts in relation with our support stuff and we will make sure that this will never ever happen GreeZ psp
__________________
JD Supporter, Plugin Dev. & Community Manager
Erste Schritte & Tutorials || JDownloader 2 Setup Download |
#5
|
|||
|
|||
Yeah, disabling logs would of course solve that. But do I want that? Maybe, maybe not. Depends on how often I have problems with JDownloader that need logs to be solved
The account settings aren't saved in clear text, or are they? At least a text search through all files in my JDownloader folder only found log files with my password, but no settings file. My concern isn't so much about the support or development staff. Nothing stops you from sending my password to your server anyway if you want to But your log server could be hacked as every server can be. And if that happens, the attacker will get many accounts with clear text passwords. |
#6
|
||||
|
||||
Quote:
GreeZ psp
__________________
JD Supporter, Plugin Dev. & Community Manager
Erste Schritte & Tutorials || JDownloader 2 Setup Download |
#7
|
|||
|
|||
I think it is a good idea, if we can general disable the logging. Privacy is one Part, but also for my NAS it is better not to write so much stuff.
Maybe it can be implemented |
#8
|
||||
|
||||
Ticket:
__________________
JD Supporter, Plugin Dev. & Community Manager
Erste Schritte & Tutorials || JDownloader 2 Setup Download |
#9
|
||||
|
||||
If you are worried, just disable the log.
If you once need a log to find a problem, just enable it, and disable it afterwards. This is how you disable all logs:
__________________
|
#10
|
|||
|
|||
Many thanks for the very fast solution, it works fine.
|
|
|