Possible credentials leak in logs

Question

Possible credentials leak in logs

Closed this issue 6 years ago · 0 comments

Here is a log I get when started exporter:

2018/12/06 11:41:32 Starting Smsc balance exporter (version=, branch=, revision=)
2018/12/06 11:41:32 Build context (go=go1.11.2, user=, date=)
2018/12/06 11:41:34 Request error: Get https://smsc.ru/sys/balance.php?fmt=3&login=<my-login>&psw=<mypassword>: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) 
2018/12/06 11:41:34 Error fetching balance: Get https://smsc.ru/sys/balance.php?fmt=3&login=<my-login>&psw=<my-password>: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
2018/12/06 11:41:34 Error fetching balance: unexpected end of JSON input
2018/12/06 11:41:34 Cannot parse balance: strconv.ParseFloat: parsing "": invalid syntax

As you see, there is a real credentials in the log which is not very secure.

As possible solution credentials in error message can be substitued by certain placeholder before printing.