Verbose logging without exposing passwords #1704
Labels
type:bug
Impaired feature or lacking behavior that is likely assumed
Comments
|
We should probably censor the password in logs, like rails does. |
drew-gross
added
the
type:bug
|
@drew-gross good point. |
|
Fixed in #1790 |
|
This issue still isn't fixed as of 2.2.17. When a user logs in, the password is still getting logged. I did some debugging and looks like the problem is that |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Environment Setup
Elastic beanstalk.
Steps to reproduce
Enable verbose logging via environment variables.
Logs/Trace
verbose: GET /parse/login { host: 'xxx',
...
'content-type': 'text/plain',
'user-agent': 'node-XMLHttpRequest, Parse/js1.8.3 (NodeJS 4.3.0)',
"username": "[email protected]",
"password": "plain-text-password"
}
Apologies if this is not a Parse specific question, but what are my options for logging? I see that I can enable VERBOSE=1 in my environment settings, but when I do that I see log statements with passwords in plain text like the above. I'd like to avoid having passwords logged like this. I'm not positive that log is actually coming from Parse, but it is formatted like the other Parse messages so I'm assuming it is?
The text was updated successfully, but these errors were encountered: