Now that some (and soon all) of us are using SSL to log in, we transmit the username and password to login.php unsecured - except by SSL itself. If you turn on debug logging before logging in, those items are plainly visible in the URL we submit.
I have seen several recent suggestions on this forum for people to turn on debug logging and post their debug logs to help debug login sequences. OK - IF the person is not using SSL. Or, if they are, and think to remove their user name and password from the debug log before posting.
I want KoLmafia to not include those sensitive items in the logged URLs in the debug log. I don't want naive users to post sensitive information unwittingly.
I have seen several recent suggestions on this forum for people to turn on debug logging and post their debug logs to help debug login sequences. OK - IF the person is not using SSL. Or, if they are, and think to remove their user name and password from the debug log before posting.
I want KoLmafia to not include those sensitive items in the logged URLs in the debug log. I don't want naive users to post sensitive information unwittingly.
