database password logged when SQL error occur
Wingzzzzz opened this issue · 5 comments
iOS 12.4
cordova-sqlcipher-adapter 0.4.1
As function of Cordova-sqlite-storage,
when SQL error occurs,
it logs database open args like:
2019-10-16 18:58:01.136887+0800 MyApp[18299:2294348] ERROR: execute sql with error : { db:
{ openargs:
{ name: 'app.db',
key: 'password1',
location: 'default',
dblocation: 'nosync' },
dbname: 'app.db',
openSuccess: [Function],
openError: [Function] },
fn: [Function],
error: [Function],
success: undefined,
txlock: true,
readOnly: false,
executes: [] }
The problem comes to cordova-sqlcipher-adapter is that the password is exposed whenever other get connected to the device to check device log.
Thanks, please accept my apologies for the extra-long delay. Definitely a security issue!
no problem, appreciate your effort on the project
This kind of error log is not in the JavaScript code on this plugin. I think we can close this one.
have not looked into the logging related code.
but can i say this: options printed are not expected to have sensitive information
As I tried to explain before that log message is not part of this plugin. A https://stackoverflow.com/help/minimal-reproducible-example is needed to demonstrate your issue. Closing as invalid.