Efflux: Disable logging of plaintext passwords in debugging mode (CVE-2024-43444)

[eyazi]

Proposed change

Disable the logging of plaintext passwords in debugging mode.

Type of change

• 1 - 🐞 bug 🐞

Additional information

This is inspired by CVE-2024-43444. I'd not consider this a security patch, as the debugging mode can only be enabled by changing the source code. And if you have access to the source code, you can debug anything.

Checklist

• The code change is tested and works locally.(❗)
• There is no commented out code in this PR.(❕)
• You improved or added new unit tests.(❕)
• Local ZnunyCodePolicy passed.(❕)
• Local UnitTests / Selenium passed.(❕)
• GitHub workflow CI (UnitTests / Selenium) passed.(❗)

[eyazi]

I’ve made some changes to make the PR more consistent.

In my understanding of security, an application should never write passwords in plain text to a log file. If crypt type is set to plain, for whatever reason, even passwords retrieved from the database are logged in plain text.
However, I understand that there might be different perspectives on this, especially since you need to set the minimum log level to notice and enable the logging directly in the code.