Dumping objects with sensitive data

Question

Dumping objects with sensitive data

thomasgalliker opened this issue 5 years ago · 2 comments

We often have the situation that dumped objects contain sensitive data such a personal information (name, address,...) or security relevant information (password hashes, authentication tokens). ObjectDumper of course cannot automatically detect and obfuscate such information.

This issues serves as bucket to collect ideas of the users of ObjectDumper would like this problem to be solved - or if it even is a problem to be solved.

Answer 1 · 2020-06-16T18:19:21.000Z

How about an ignore attribute similar to how json is ignoring properties?
Something like [IgnoreWhenDumping] or [DontDump] is easy to implement, easy to use, and even easy to read.

Answer 2 · 2020-06-17T07:59:53.000Z

The thing with attributes is: we should avoid having people to install ObjectDumper nuget in all their contracts/model assemblies. Theoretically, we could probe for the presence of a certrain attribute name (like you proposed, „IgnoreWhenDumping" or similar).

What actually is already present is an ExcludeProperties filter in DumpOptions.