MikroTik

Community discussions
https://forum.mikrotik.com/

hide-sensitive doesn't?

https://forum.mikrotik.com/viewtopic.php?t=92716

Page 1 of 1

hide-sensitive doesn't?

Posted: Sun Jan 04, 2015 8:21 am
by sejtam
RB2011 with 6.24

I ran a backup

/export file=c hide-sensitive

however, several items of sensitive info were still left in the output file (somewhat mangled by me)
Code: Select all
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.2 log=\
    auth-fail name=koerberGW shared-secret=myRadiusSecret use-coa=no
Code: Select all
set address=74.125.130.16 from="myRouter <my@email>" last-status=\
    succeeded password=<mySMPTpassword> port=587 start-tls=yes user=\
    me@me
btw: is that COA port needed when authenticating against the local Userman?

Re: hide-sensitive doesn't?

Posted: Sun Jan 04, 2015 3:20 pm
by boen_robot
I think those don't count as sensitive, because they're passwords to external services, whereas "hide-sensitive" is intended to hide local sensitive data - passwords that the router itself defines and authenticates others against.

Re: hide-sensitive doesn't?

Posted: Mon Jan 05, 2015 8:09 am
by sejtam
I think those don't count as sensitive, because they're passwords to external services, whereas "hide-sensitive" is intended to hide local sensitive data - passwords that the router itself defines and authenticates others against.
unfortunate, as currently I have only an outside SMTP server to send this through. It would be nice if it could obscure all such fields (or had a facility to encrypt the file locally before sending/es part of the export).

No, I don't just want the file to stay local, as I may need to it recover service in case I'm locked out or lost the router
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/