This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author perrinjerome
Recipients perrinjerome
Date 2022-02-24.01:40:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1645666839.94.0.152253377842.issue46840@roundup.psfhosted.org>
In-reply-to
Content 
>>> import xmlrpc.client
>>> xmlrpc.client.ServerProxy('https://login:password@example.com')
<ServerProxy for login:password@example.com/RPC2>

Because this repr is included in error messages, this can lead to leaking the password:

>>> xmlrpc.client.ServerProxy('https://login:password@example.com').method()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.7/xmlrpc/client.py", line 1112, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python3.7/xmlrpc/client.py", line 1452, in __request
    verbose=self.__verbose
  File "/usr/lib/python3.7/xmlrpc/client.py", line 1154, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python3.7/xmlrpc/client.py", line 1187, in single_request
    dict(resp.getheaders())
xmlrpc.client.ProtocolError: <ProtocolError for login:password@example.com/RPC2: 404 Not Found>
History
Date User Action Args
2022-02-24 01:40:39perrinjeromesetrecipients: + perrinjerome
2022-02-24 01:40:39perrinjeromesetmessageid: <1645666839.94.0.152253377842.issue46840@roundup.psfhosted.org>
2022-02-24 01:40:39perrinjeromelinkissue46840 messages
2022-02-24 01:40:39perrinjeromecreate