Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sending all $_POST data can send sensitive information #32

Closed
mx-moth opened this issue Aug 10, 2012 · 0 comments
Closed

Sending all $_POST data can send sensitive information #32

mx-moth opened this issue Aug 10, 2012 · 0 comments

Comments

@mx-moth
Copy link

mx-moth commented Aug 10, 2012

We are using Sentry/raven-php in our application to log user actions, such as log in and purchasing. raven-php sends all $_POST data to the sentry server, which includes things like passwords and credit card details in these cases. This is not optimal.

Looking at the source code, there is no way to filter $_POST data before it is sent, or to not send it at all. We do not want to be responsible for storing sensitive client information in our logging application, nor transmitting such information across the internet.

Can some options be added to either disable the sending of $_POST/$_GET/etc data for some requests, or to filter the data that is sent through a user supplied callback?
@dcramer dcramer closed this as completed in e2a6449 Oct 5, 2012
Briones pushed a commit to Briones/sentry-php that referenced this issue Feb 20, 2020
@dcramer
Merge pull request getsentry#32 from getsentry/feature/better-app-paths
993fbad 
Improve app path handling
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dcramer @mx-moth