Type: Improvement
Resolution: Won't Fix
Priority: Major - P3
Affects Version/s: None
Component/s: Logging
Labels: None
Server Security
Security 2020-04-20, Security 2020-05-04, Security 2020-05-18, Security 2020-06-01, Security 2020-06-29
We are supposed to redact a Status or DBException prior to logging it, if it is possible that this entry may contain some sensitive information (e.g., unencrypted user data). This is a bit error-prone, because it requires engineers to remember to add redact.
It would be nice if the new V2 logging system automatically did this. With a disclaimer that I only thought about this for 15 seconds, here is what I am imagining:
Somehow change the traits of CustomAttributeValue to check whether it is of type Status or DBException and, instead of calling T::toString, actually call redact(T::toString()). My reasoning was that if this framework knows that there's a method toString, it must also know that there is a specific type.