Password in Logs #555

benhaynes · 2018-11-01T12:59:10Z

No sensitive information should be in the logs, we can keep the output but passwords should be masked.

#10 C:\xampp\htdocs\directus.test\src\endpoints\Auth.php(49): Directus\Services\AuthService->loginWithCredentials('admin@admin.com', 'xxxxxxxxxxxxx!')

The text was updated successfully, but these errors were encountered:

wellingguzman · 2018-11-23T19:27:55Z

As there's no way I can tell whether a data is sensible or not, I went and wrote a small function to normalize the exception almost identical as the Exception::getTraceAsString() based on Exception::getTrace().

What this basically does it tries to replicate the getTraceAsString method, but removing all the arguments, which removes all the arguments passed to any function preventing from reveal any data including sensitive data.

This solution was implemented by ff00728

* v-input style updates for icons * Remove color validation

benhaynes added the bug Something isn't working label Nov 1, 2018

benhaynes mentioned this issue Nov 1, 2018

Error at first login after install #554

Closed

wellingguzman closed this as completed in ff00728 Nov 23, 2018

samvasko pushed a commit to samvasko/api that referenced this issue Nov 25, 2019

v-input style updates for icons (directus#555)

3278d05

* v-input style updates for icons * Remove color validation

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Password in Logs #555

Password in Logs #555

benhaynes commented Nov 1, 2018

wellingguzman commented Nov 23, 2018

Password in Logs #555

Password in Logs #555

Comments

benhaynes commented Nov 1, 2018

wellingguzman commented Nov 23, 2018