Query string parameters are not filtered in logs
jayjun opened this issue · 2 comments
I expected `config :phoenix, :filter_parameters` to filter sensitive parameters from logs. But exceptions logged by PlugCowboy expose all parameters.
```
[error] #PID<0.823.0> running MyAppWeb.Endpoint (connection #PID<0.821.0>, stream id 1) terminated
Server: localhost:80 (http)
Request: GET /signin/callback?sensitive-parameters-here
** (exit) an exception was raised:
** (FunctionClauseError) ...
```
I thought of two solutions, both less than ideal.
- `:filtered_parameters` are passed to PlugCowboy during start to configure translator. They show up as `[FILTERED]` as expected. Possible duplicate code with Phoenix.
- Don’t log query strings in PlugCowboy. Possibly confusing.
@jayjun I really, really, really don't think you should be passing confidential data in query strings. Query strings are stored in the browser history, accessible by pretty much any external JavaScript running on the page, accessible as a referer when you go to another site, etc. So the reason we don't bother scrubbing it is because your logs are the least of your concerns if you have safe data in your query string.
We have no plans to fix this but if you really want to go on this route, then you can have your own translator. :)
Thanks!
I’m more concerned about when I cannot control what’s in query strings, such as in OAuth 2.0 callbacks. But I agree, probably erring on the side of caution too much. It’s just unexpected, because logs from Phoenix and PlugCowboy are not differentiated.
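The "own translator" route suggested in the reply above, sketched as an added example that is not part of the thread and is not Plug or Phoenix code: a Logger translator that delegates to `Plug.Cowboy.Translator.translate/4` and redacts query values on the `Request:` line before the report is written. The module name `MyApp.ScrubbingTranslator`, the key list, and registering it from the application's `start/2` are assumptions.

```elixir
defmodule MyApp.ScrubbingTranslator do
  # Added example: module name and key list are assumptions, not Plug/Phoenix code.
  # Register in MyApp.Application.start/2: Logger.add_translator({MyApp.ScrubbingTranslator, :translate})
  @filtered ["code", "token", "password"]

  # Logger translator callback: let Plug.Cowboy build the report, then scrub it.
  def translate(min_level, level, kind, data) do
    case Plug.Cowboy.Translator.translate(min_level, level, kind, data) do
      {:ok, message, metadata} -> {:ok, scrub(message), metadata}
      {:ok, message} -> {:ok, scrub(message)}
      other -> other
    end
  end

  # Rewrites only the "Request: METHOD /path?query" line of the report.
  def scrub(message) do
    message
    |> IO.chardata_to_string()
    |> String.split("\n")
    |> Enum.map_join("\n", &scrub_line/1)
  rescue
    _ -> "[report withheld: query string could not be scrubbed]" # fail closed
  end

  defp scrub_line("Request: " <> rest = line) do
    case String.split(rest, "?", parts: 2) do
      [head, query] -> "Request: " <> head <> "?" <> scrub_query(query)
      _no_query -> line
    end
  end
  defp scrub_line(line), do: line

  defp scrub_query(query) do
    query
    |> String.split("&")
    |> Enum.map_join("&", fn pair ->
      case String.split(pair, "=", parts: 2) do
        [key, _value] -> if filtered?(key), do: key <> "=[FILTERED]", else: pair
        [_bare] -> "[FILTERED]" # bare token, no key to match on: redact it
      end
    end)
  end

  # Case-insensitive substring match on the percent-decoded key.
  defp filtered?(key) do
    String.contains?(String.downcase(URI.decode_www_form(key)), @filtered)
  rescue
    ArgumentError -> true # malformed percent-encoding: treat the key as sensitive
  end
end
```

Only the `Request:` line is rewritten; the rest of the report, including the exception text, is left as Plug.Cowboy produced it. A token with no `=`, like the one in the log above, is redacted whole because there is no key to compare against the list.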