Don't log the OTP publically

The OTP might not be an OTP, but an actual password, so don't log it
publically.

diff --git a/src/main.c b/src/main.c
index 174a896e7267cd3cb0ff93d8d0f48a86a77be59f..993c4c7e3e37c297904d3092b51ae3222cafc910 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -373,7 +373,7 @@ static int handle_request(void * UNUSED(data),
        otp = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "otp");
        h = MHD_lookup_connection_value(conn, MHD_GET_ARGUMENT_KIND, "h");
        syslog(LOG_DEBUG, "Got new connection with parameters: "
-              "url=%s id=%s otp=%s, h=%s\n", url, id, otp, h);
+              "url=%s id=%s otp=<hidden>, h=%s\n", url, id, h);
 
        /* Do query to grab shared secret, we need this later anyway */
        if (get_shared_secret(id, &shared_secret, &shared_secret_len) < 0) {