Better control for function logs #463
Comments
Comment by kbrandwijk I propose adding a |
Comment by lastmjs It would also be nice to control the number of logs that are returned to the terminal. If your function has thousands of instances, then that will be a lot of logs. |
Comment by Jannis I guess one question is where sensitive information can appear in the system. I'd argue that in most cases it is either part of mutations (e.g. sensitive variables such as a password passed to a mutation such as CI systems like Travis allow you to mark environment vars as private and then they substitute them with their names in logging output. Of course we're not dealing with env vars here. But still, is there some feasible way to annotate the attributes and function parameters in the GraphQL schema to mark them as private? The Graphcool service could then substitute such attributes/variables with something non-sensitive. |
Comment by kbrandwijk @Jannis I think it's a great idea to mark fields as sensitive in your schema, and in resolver function parameters.
And:
Attribute could be named |
Hey @marktani, in my mind this is quite critical, as sensitive user data like passwords are stored unencrypted. This will be problematic with the GDPR coming in May, and is in general a high security issue, especially because a lot of people are using the email-password auth templates. |
Seems like this needs to be escalated. The @Private directive seems to be an ideal solution. |
While I like the idea of marking certain fields as private I would still like to reduce the logging to error messages on production systems. I would even disable the super verbose logging by default for |
Couldn't prisma simply move to using debug for logging so that the user of prisma can expose prisma logs if they choose to or not via filtering? To debug prisma it would be as simple as adding It's a dependency of bigger projects, so using debug would just make sense and not require lots of changes on the prisma side. I don't need every query prisma does logged in my production logs. |
Issue by marktani
Thursday Sep 14, 2017 at 08:27 GMT
Originally opened as https://github.com/graphcool/prisma/issues/556
What feature are you missing?
Currently, all functions are logged, including input and output data. This might contain sensitive data. An option to disable or redact logs for a specific function would be helpful here.
Note that function logs are only accessible to the collaborators of a project.
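One way the schema-annotation idea raised in the comments could work, as an added example that is not part of the thread and not Graphcool or Prisma code. The `@private` directive, the schema and the shape of the log entry are all assumptions made for illustration.

```javascript
// Constructed schema. The @private directive is hypothetical: the thread
// proposes such a marker, but no shipped syntax appears on this page.
const SDL = `
type User {
  id: ID!
  email: String!
  password: String! @private
  resetToken: String @private
}
type Mutation {
  signup(email: String!, password: String! @private): User
}`;

// Collect every field or argument name that carries @private.
// Names are matched across all types, which errs on the side of redacting.
function privateNames(sdl) {
  const names = new Set();
  const re = /(\w+)\s*:\s*[\[\]\w!]+\s*@private\b/g;
  let m;
  while ((m = re.exec(sdl)) !== null) names.add(m[1]);
  return names;
}

// Return a deep copy of a log payload with private values replaced by a
// placeholder naming the field, so the log still shows which key was present.
function redact(value, names) {
  if (Array.isArray(value)) return value.map((v) => redact(v, names));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = names.has(key) ? `[${key}]` : redact(v, names);
  }
  return out;
}

// Constructed function-log entry: input variables and output data.
const entry = {
  function: 'signup',
  input: { email: 'a@example.com', password: 'hunter2' },
  output: { data: { users: [{ id: '1', password: '$2a$10$constructed', resetToken: null }] } },
};

const PRIVATE = privateNames(SDL);
const safeEntry = redact(entry, PRIVATE);
console.log(JSON.stringify(safeEntry));
```

Redaction has to happen before the entry is written to the log store; filtering at display time leaves the plaintext values at rest.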