Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

URL with password are show in the log and STDOUT #81

Open
ph opened this issue Aug 30, 2017 · 0 comments
Open

URL with password are show in the log and STDOUT #81

ph opened this issue Aug 30, 2017 · 0 comments

Comments

@ph
Copy link
Contributor

ph commented Aug 30, 2017

When the input start in the registering method we bleed the password in the log file.

I believe on exception we could also bleed the password since we just dump the content of the request object to the logger.

  rescue StandardError, java.lang.Exception => e
    @logger.error? && @logger.error("Error eventifying response!",
                                    :exception => e,
                                    :exception_message => e.message,
                                    :name => name,
                                    :url => request,
                                    :response => response
    )

I think the easiest fix is to remove the URLs at the logger.info level and also remove the request and the response unless we are in debug mode.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant