-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to force hide sensitive info like user password in log file #471
Comments
This patch hides IP addresses (not a big deal for me) but doesn't hide authentication credentials, e.g. what issue title says. ;) In debug logs one could still see lines like those:
I know, it's not trivial to handle this in Maybe this issue should be reopened? |
Do you understand what you are asking? In those log lines, the function that printed them does not know what is printing, as it is raw data, uncategorised. The only solution to your query is to delete those DEBUG lines in the source code. |
Sorry. Sure, I do understand it's raw binary data, and that's why I said it's not trivial. I just noticed that credentials are there, and found this issue (referred from https://www.ejabberd.im/node/24803) talking about passwords. Thought, if it exists, and specifically talks about passwords, I could raise a point that passwords are still logged. I see two possible approaches here:
Both aren't perfect, but could do the trick. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sensitive info are not log in production log level mode. However, when troubleshoot or on server with little traffic, some admins prefer getting more log.
Having the option to force hide sensitive info everywhere make sense.
This relates to #452.
The text was updated successfully, but these errors were encountered: