[Bug] Do not show credentials in the logs !

Question

[Bug] Do not show credentials in the logs !

Closed this issue 2 months ago · 1 comments

chevdor commented 3 months ago

Describe the bug
No credential should ever be shown in the logs...
See #1117 for an example.

To Reproduce

look at the startup logs

Expected behavior
No credential is ever shown in the logs

Screenshots

Desktop (please complete the following information):
n/a

Additional context
n/a

Answer 1 · 2024-10-23T17:12:39.000Z

Yeah.
This MUST be fixed.

This should never be a 'On By Default' thing...

it's just putting a big red "Come n Get it!" sign on your infra.

Additionally; I'd encourage tests be put in place to inspect the emitted logs for sensitive data...

(This stuff has a nasty habit of getting re-enabled from dev pr's.... having a test to make sure that no verboselog happens to shout your hunter2 to the wide-wide-world-of-logs.... will make it a lot easier to ensure it doesn't happen again.)