Sanitize Debug Logs #1438
hinneLinks
started this conversation in
Ideas
Sanitize Debug Logs
#1438
Replies: 1 comment 2 replies
-
|
Added a warnign in #1457 |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
In addition to the warning, I suggest to apply #1520 |
Beta Was this translation helpful? Give feedback.
-
|
Which has now been applied and redacts the Authorization header and other sensitive information, like Cookies. Thanks for raising this issue @hinneLinks! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I recently wanted to send a Debug-Log of Davx5 to my Mail Provider and noticed that the Logs contained the "Authorization: Basic"-Header with the real value, e.g. my Password masked in Base64.
Imho this Header (and other Password related info) should not be logged, an inexperienced User would never notice it (since its Base-64-Gibberish) and might then post the Log online.
Or at least, activating the log should give you a warning, that the log might contain the Password.
Beta Was this translation helpful? Give feedback.
All reactions