starred/WiFiManager
1
0
Fork 0
mirror of https://github.com/tzapu/WiFiManager.git synced 2026-04-27 00:55:52 +03:00
Code Issues 656 Projects Releases 8 Packages Wiki Activity

[GH-ISSUE #94] Wifi password should not be included in console debugging #72

New issue
Closed
opened 2026-02-28 01:23:14 +03:00 by kerem · 3 comments
kerem commented 2026-02-28 01:23:14 +03:00
Owner
Copy link

Originally created by @vicnevicne on GitHub (Feb 5, 2016).
Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/94

Just a suggestion:
I was surprised to see my wifi password in clear text on the console. I know debugging can be turned off, but I think many people will leave it on, and just reading from TX and resetting the module would disclose the password.
I would suggest replacing it by stars *******, or better yet, make it optional by upgrading
void WiFiManager::setDebugOutput(boolean debug)
to
void WiFiManager::setDebugOutput(int debugLevel)
where
level=0 means off
level=1 means on with hidden password
level=2 means on including password
(these levels are just an example. More levels could be defined but the above values would keep 100% backwards compatibility while hiding the password unless the developer chooses so)

Keep on the good work !

Originally created by @vicnevicne on GitHub (Feb 5, 2016). Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/94 Just a suggestion: I was surprised to see my wifi password in clear text on the console. I know debugging can be turned off, but I think many people will leave it on, and just reading from TX and resetting the module would disclose the password. I would suggest replacing it by stars *******, or better yet, make it optional by upgrading void WiFiManager::setDebugOutput(boolean debug) to void WiFiManager::setDebugOutput(int debugLevel) where level=0 means off level=1 means on with hidden password level=2 means on including password (these levels are just an example. More levels could be defined but the above values would keep 100% backwards compatibility while hiding the password unless the developer chooses so) Keep on the good work !
kerem closed this issue 2026-02-28 01:23:15 +03:00
kerem commented 2026-02-28 01:23:15 +03:00
Author
Owner
Copy link

@tzapu commented on GitHub (Feb 5, 2016):

hi,

you are correct, but, all you need to find out the password anyway is to write a blank sketch on it and call WiFi.psk()

not much in the way of protection anyway not showing it there

i ll think about it, and will do something about it probably when we ll move to the new ESP core debug functions

cheers

On 5 Feb 2016, at 16:08, vicnevicne notifications@github.com wrote:

Just a suggestion:
I was surprised to see my wifi password in clear text on the console I know debugging can be turned off, but I think many people will leave it on, and just reading from TX and resetting the module would disclose the password
I would suggest replacing it by stars *******, or better yet, make it optional by upgrading
void WiFiManager::setDebugOutput(boolean debug)
to
void WiFiManager::setDebugOutput(int debugLevel)
where
level=0 means off
level=1 means on with hidden password
level=2 means on including password
(these levels are just an example More levels could be defined but the above values would keep 100% backwards compatibility while hiding the password unless the developer chooses so)

Keep on the good work !


Reply to this email directly or view it on GitHub https://github.com/tzapu/WiFiManager/issues/94.

<!-- gh-comment-id:180375972 --> @tzapu commented on GitHub (Feb 5, 2016): hi, you are correct, but, all you need to find out the password anyway is to write a blank sketch on it and call WiFi.psk() not much in the way of protection anyway not showing it there i ll think about it, and will do something about it probably when we ll move to the new ESP core debug functions cheers > On 5 Feb 2016, at 16:08, vicnevicne notifications@github.com wrote: > > Just a suggestion: > I was surprised to see my wifi password in clear text on the console I know debugging can be turned off, but I think many people will leave it on, and just reading from TX and resetting the module would disclose the password > I would suggest replacing it by stars *******, or better yet, make it optional by upgrading > void WiFiManager::setDebugOutput(boolean debug) > to > void WiFiManager::setDebugOutput(int debugLevel) > where > level=0 means off > level=1 means on with hidden password > level=2 means on including password > (these levels are just an example More levels could be defined but the above values would keep 100% backwards compatibility while hiding the password unless the developer chooses so) > > Keep on the good work ! > > — > Reply to this email directly or view it on GitHub https://github.com/tzapu/WiFiManager/issues/94.
kerem commented 2026-02-28 01:23:15 +03:00
Author
Owner
Copy link

@vicnevicne commented on GitHub (Feb 5, 2016):

Thanks for your reply.
Regarding WiFi.psk(): that's true, but flashing requires a more complex setup than just connecting a console on the wire marked "Tx" :-)
Probably it would it good to think about it in the future indeed.
Anyway, your Manager works like a champ. Well done !

<!-- gh-comment-id:180625313 --> @vicnevicne commented on GitHub (Feb 5, 2016): Thanks for your reply. Regarding WiFi.psk(): that's true, but flashing requires a more complex setup than just connecting a console on the wire marked "Tx" :-) Probably it would it good to think about it in the future indeed. Anyway, your Manager works like a champ. Well done !
kerem commented 2026-02-28 01:23:15 +03:00
Author
Owner
Copy link

@kentaylor commented on GitHub (Apr 21, 2016):

I agree with tzapu that the password is so easily accessible by updating to a new sketch it doesn't seem worth having the option to hide it from the debug messages. Flashing a new sketch doesn't require any hardware, it can be done from the terminal program being used to read the debug messages.

I'd expect in a finished product the debug messages would probably be turned off.

<!-- gh-comment-id:212987854 --> @kentaylor commented on GitHub (Apr 21, 2016): I agree with tzapu that the password is so easily accessible by updating to a new sketch it doesn't seem worth having the option to hide it from the debug messages. Flashing a new sketch doesn't require any hardware, it can be done from the terminal program being used to read the debug messages. I'd expect in a finished product the debug messages would probably be turned off.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
revert-1849-master
feature_fastconnect
feature_auth
feature_slimable
PEAP
feature_statichtmlparams
feature_asyncwebserver
feature_pagestringsref
parameter-smart-ptr
gh-pages
Legacy_v1
hotfixes
autochannelselect_feature
travis
smartconfig
v2.0.17
v2.0.16-rc.2
v2.0.15-rc.1
v2.0.0-rc.1
v2.0.14-beta
v2.0.13-beta
v2.0.12-beta
v2.0.11-beta
v2.0.10-beta
v2.0.9-beta
v2.0.8-beta
2.0.7-beta
2.0.6-beta
2.0.5-beta
2.0.4-beta
0.16.0
2.0.3-alpha
0.15.0
0.14
0.13
0.12
0.11
0.10
0.9
0.8
0.7
0.6
0.5
v0.4
v0.3
v0.2
v0.1
Labels
Clear labels   
📶 WiFi

   
🕸️ HTTP

   
Branch

   
DEV Help Wanted

   
Discussion

   
Documentation

   
ESP32

   
Example

   
Good First Issue

   
Hotfix

   
In Progress

   
Incomplete

   
Needs Feeback

   
Priority

   
QA

   
Question

   
Task

   
Upstream/Dependancy

   
bug

   
duplicate

   
enhancement

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
wontfix
No labels
📶 WiFi
🕸️ HTTP
Branch
DEV Help Wanted
Discussion
Documentation
ESP32
Example
Good First Issue
Hotfix
In Progress
Incomplete
Needs Feeback
Priority
QA
Question
Task
Upstream/Dependancy
bug
duplicate
enhancement
invalid
pull-request
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/WiFiManager#72
No description provided.