Details
-
Improvement
-
Resolution: Won't Fix
-
Major - P3
-
None
-
None
-
None
-
Server Security
-
Security 2020-04-20, Security 2020-05-04, Security 2020-05-18, Security 2020-06-01, Security 2020-06-29
Description
We are supposed to redact a Status or DBException prior to logging it, if it is possible that this entry may contain some sensitive information (e.g., unencrypted user data). This is a bit error prone, because it requires engineers to remember to add redact.
It would be nice if the new V2 logging system automatically did this. With a disclaimer that I only thought about this for 15 seconds, where is what I am imagining:
Somehow change the traits of CustomAttributeValue to check whether it is of type Status or DBException and instead of calling T::toString to actually call redact(T::toString()). My reasoning was that if this framework knows that there's a method toString it must also know that there is a specific type.