If using D2PAEP::LDAP, and show_errors is enabled in D2 (for example, if using the 'development' environment), the bindpw is displayed on the error page if a 500 error occurs. Other passwords from the config file will show "'Hidden (looks potentially sensitive)',".
It looks like D2 uses the following to determine if it should hide the password:

    elsif ( $key =~ /(pass|card?num|pan|secret)/i )

Note that this occurs not because D2 is dumping the object, but because it is dumping the information from the configuration file(s).
I can submit a PR for this if you like. My thought is that the best solution is:
- Create a new attribute of 'bindpass'.
- Change bindpw to lazy build (just make it $self->bindpass)
I think this will allow bindpass to gracefully replace bindpw (that is to say, it won't break backwards compatibility).
I will probably open a ticket against Dancer2, asking for 'bindpw' to be added to that list as well.
Let me know your thoughts. Thank you.
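
The key-name check described in this report can be reproduced outside Dancer2. The script below is an added example, not part of the original report and not Dancer2's or the LDAP provider's own code: it applies the pattern quoted above to a constructed config hash. The `redact` helper, the config layout and all values are assumptions made for illustration.

```perl
use strict;
use warnings;
use Data::Dumper;

# Key pattern quoted in the issue above.
my $SENSITIVE = qr/(pass|card?num|pan|secret)/i;

# Constructed sample config; every value is a placeholder.
my $config = {
    session_secret => 'PLACEHOLDER-A',
    plugins        => {
        'Auth::Extensible' => {
            realms => {
                ldap => {
                    provider => 'LDAP',
                    binddn   => 'cn=app,dc=example,dc=test',
                    bindpw   => 'PLACEHOLDER-B',
                    bindpass => 'PLACEHOLDER-C',
                },
            },
        },
    },
};

# Hypothetical helper: copy the structure, masking the value under any
# key the pattern matches and recursing into everything else.
sub redact {
    my ($node) = @_;
    if ( ref $node eq 'HASH' ) {
        my %out;
        for my $key ( keys %$node ) {
            $out{$key} = $key =~ $SENSITIVE
                ? 'Hidden (looks potentially sensitive)'
                : redact( $node->{$key} );
        }
        return \%out;
    }
    return [ map { redact($_) } @$node ] if ref $node eq 'ARRAY';
    return $node;
}

# Print only the LDAP realm so the two key names can be compared.
my $ldap = redact($config)->{plugins}{'Auth::Extensible'}{realms}{ldap};
local $Data::Dumper::Sortkeys = 1;
print Dumper($ldap);
```

In the dump, the value under `bindpass` is masked while the value under `bindpw` is printed unchanged, because `bindpw` contains none of the substrings in the pattern.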