
Event log may contain sensitive service parameters #553

@youngm


When I look at event logs for actee_type=service_instance I notice service parameters passed in at service creation being logged. These parameters can contain sensitive information. I'm not sure how locked down access to events is in the CC, but in my org we send all events out to an audit log that has a different security profile than CC. We're now redacting the parameters when sent to our audit log, but other CF users might not be aware these parameters are getting logged. You may want to consider redacting parameters in event logs.
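
A forwarding-side redaction filter of the kind the report describes, as an added example that is not part of the original issue or of Cloud Controller's code. The event layout (`metadata.request.parameters`), the sample values, and the `[REDACTED]` placeholder are assumptions made for illustration.

```ruby
require 'json'

# Placeholder written in place of redacted values (constructed for this example).
REDACTED = '[REDACTED]'

# Keys whose values are dropped wholesale. "parameters" is the field the issue
# describes; where it sits inside the event is an assumption, not CC's schema.
SENSITIVE_KEYS = %w[parameters].freeze

# Return a deep copy of +value+ with every sensitive key's value replaced.
# Walks hashes and arrays so a nested "parameters" block is caught too.
def redact(value)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = SENSITIVE_KEYS.include?(k.to_s) ? REDACTED : redact(v)
    end
  when Array
    value.map { |v| redact(v) }
  else
    value
  end
end

# Redact only service_instance events; other events pass through unchanged.
# The input event is never mutated, so the source record stays intact.
def sanitize_event(event)
  return event unless event['actee_type'] == 'service_instance' && event['metadata']
  event.merge('metadata' => redact(event['metadata']))
end

# Constructed sample event (field names other than actee_type are assumed).
SAMPLE_EVENT = JSON.parse(<<~EVENT)
  {
    "type": "audit.service_instance.create",
    "actee_type": "service_instance",
    "actee_name": "orders-db",
    "metadata": {
      "request": {
        "name": "orders-db",
        "parameters": { "admin_password": "constructed-secret", "size": "small" }
      }
    }
  }
EVENT

puts JSON.pretty_generate(sanitize_event(SAMPLE_EVENT)) if __FILE__ == $PROGRAM_NAME
```

The whole `parameters` value is replaced rather than individual keys, since the forwarder cannot know which parameter names a given service broker treats as secret.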
