Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

URL with password are show in the log and STDOUT #81

Open
ph opened this issue Aug 30, 2017 · 0 comments
Open

URL with password are show in the log and STDOUT #81

ph opened this issue Aug 30, 2017 · 0 comments

Comments

@ph
Copy link
Contributor

ph commented Aug 30, 2017

When the input start in the registering method we bleed the password in the log file.

I believe on exception we could also bleed the password since we just dump the content of the request object to the logger.

  rescue StandardError, java.lang.Exception => e
    @logger.error? && @logger.error("Error eventifying response!",
                                    :exception => e,
                                    :exception_message => e.message,
                                    :name => name,
                                    :url => request,
                                    :response => response
    )

I think the easiest fix is to remove the URLs at the logger.info level and also remove the request and the response unless we are in debug mode.
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ph