dPoW icon indicating copy to clipboard operation
dPoW copied to clipboard
verified publisher icon KomodoPlatform

[opsec] privkeys in log

Open ca333 opened this issue 6 years ago • 2 comments

SuperNET_login() invocation prints the privkeys as reported by @phm87 - https://github.com/KomodoPlatform/dPoW/pull/23

ca333 avatar Jan 08 '20 09:01 ca333

As discussed, I was wrong, privkeys are not printed in logs by SuperNET_login() In mm2 logs, privkeys appear but I don't know which call prints that. I though that iguana do the same Thank you for the discussion on discord to clarify

Can you close this Issue ? We'll perform grep on our logs to be sure that no sensitive info is present.

phm87 avatar Jan 18 '20 11:01 phm87

The encryptwallet RPC is the one that returns privkeys. If the operator is logging stdout to a file, this will remain in logs. In old docs (early season2), encryptwallet was described to be called in the wp_7776 file.

Since mid-S2, the docs were updated with walletpassphrase RPC call.

imylomylo avatar Jan 20 '20 08:01 imylomylo