contents of local server.js.logs exposed after deploying to production #14

Closed
vasili-zolotov opened this Issue Dec 22, 2011 · 1 comment

Projects

None yet

1 participant

@vasili-zolotov

The server.js.logs folder and its contents is clearly visible inside the package (which is just some nested zip files).

On top of that iisnode.exe running in Azure exposes the folder without any regard to the setting in the Web.cloud.config.

Put these two together and you will leak a snapshot of your emulator log when publishing which includes console.log output. Development logs can reveal all sorts of secrets.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment