Re: [bug-buddy]: Custom scripts for your application

[Davyd Madeley <davyd madeley id au>]

On Fri, 2006-12-01 at 12:11 -0600, Shaun McCance wrote:

> I think most (non-hacker) users will look at a stack trace and not
> even bother trying to figure out where their personal information
> might be inside it.  Maybe adding a find dialog/bar would make them
> a bit more likely to do so ("Does it say hotsexychicks.com in here
> anywhere?"), but I doubt it would make much of a difference.

Perhaps we can write some intelligence metric in here. Where we search
for things that may be leaking passwords or URLs or usernames or server
IPs, etc. This could be as low tech as searching for specific variable
names or functions that are known to deal with sensitive data. It would
then display a:

/!\ Warning, this crash report may contain sensitive data, click here to
highlight it.

Alternatively, and possibly harder, have a button that will remove the
contents of strings (which are most like to leak sensitive data) by
replacing each character with an X. I am not sure how you would still
preserve the fact that strings are corrupted, if that caused your crash.

> Maybe we should find a way to make files submitted from Bug Buddy
> private.  A trusted few would have access to them.  We'd have some
> nice interface for reviewing submitted files, and the trusted few
> could look through them for anything that looks, well, bad.  If a
> file is clean, it gets marked public.  Otherwise, it is completely
> deleted from the server.

This could be as simple as a checkbox:

  [ ] make this information private

But that might become awfully popular.

--d

-- 
Davyd Madeley

http://www.davyd.id.au/
08B0 341A 0B9B 08BB 2118  C060 2EDD BB4F 5191 6CDA