-
-
Notifications
You must be signed in to change notification settings - Fork 73
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(privacy): don't log email addresses and password hashes (#239)
What does this PR do / solve? ----------------------------- A user kindly reported that in order to better protect privacy of user-identifiable data in case of data leak, we should prevent the logging of email addresses and md5 hashes. Overview of changes ------------------- - update `request.logToConsole()` to scramble/anonymise values of `email` and `md5` fields - call the same method in appropriate places where user data is logged - remove a useless log that contains user data How to test this PR? -------------------- 1. run the server locally with `docker-compose up` 2. open http://localhost:8080/login in a browser 3. type an email address and password (even fake) 4. the value of your email address and md5 should not be disclosed in the stdout logs of `docker-compose up`: ``` === Sun, 27 Oct 2019 11:21:10 GMT POST /login (login.handleRequest) {"action":"login","email":"a*********@gmail.com","md5":"<MD5_HASH>"} fetching user { email: 'a*********@gmail.com' } ... ```
- Loading branch information
1 parent
8485ba1
commit aa187e0
Showing
6 changed files
with
65 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters