Date: Fri, 19 Nov 1999 17:19:13 +0000
From: "Todd C. Campbell" <[email protected]>
To: [email protected]Subject: ProFTPd - mod_sqlpw.c
A member of the proftpd mailing list and myself discovered a problem
with proftpd with mod_sqlpw.c optional module compiled in.
Unix last command reveals passwords where the username should be.
A patch was sent to the mailing list, however, the patch only protects
ftp localhost not ftp remotehost.
Johnie Ingram (Author of mod_sqlpw.c) was notified, as well as, the rest
of the mailing list.
I suggest the following work around:
<Global>
Wtemplog off
</Global>
Wtmplog details below:
WtmpLog
Syntax: WtmpLog on|off|NONE
Default: WtmpLog on
Context: server config, <VirtualHost>, <Anonymous>, <Global>
Compatibility: 1.1.7 and later
The WtmpLog directive controls proftpd's logging of ftp connections to
the host system's wtmp file (used by such commands
as `last'). By default, all connections are logged via wtmp.
_Todd
