I want this so badly, please implement

w0rp via Digitalmars-d digitalmars-d at puremagic.com
Thu Apr 14 00:53:45 PDT 2016


On Wednesday, 13 April 2016 at 13:17:57 UTC, cym13 wrote:
> There's a world between exceptionally getting a user password 
> in order to detect and solve a bug through an error message and 
> knowingly logging every single user password, be it only on the 
> legal side. In France for example you don't have the right to 
> log most sensitive things. On the security side it's the same 
> thing: the chances for an attacker to retrieve a password by 
> server crashing are quite small, while getting his hands on the 
> log file would be a goldmine.

This problem is typically solved by providing a list of keys to 
either whitelist or blacklist for logging from POST requests, so 
sensitive data is excluded from logs, but other data is available 
so you can find out what went wrong.

I don't think Adam's request to log the index of an array will be 
a security risk worth worrying about, however, not that you were 
indicating that. I think his request is quite reasonable, any odd 
implementation details permitting.
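
The key filtering described in this message, as an added example in Python that is not part of the original post or of any D library. `redact`, `MASK`, `demo` and the sample request are constructed names and data; the same POST parameters are passed through a blacklist (`deny=`) and a whitelist (`allow=`).

```python
# Added example: key-based redaction of POST parameters before logging.
# Every name and value below is constructed for illustration.
MASK = "[REDACTED]"

def redact(params, allow=None, deny=None):
    """Return a copy of params that is safe to write to a log.

    allow: only these keys keep their values (unknown keys are masked).
    deny:  these keys are masked, every other key is kept.
    Key matching is case-insensitive; pass exactly one of the two lists.
    """
    if (allow is None) == (deny is None):
        raise ValueError("pass exactly one of allow= or deny=")
    keys = {k.lower() for k in (allow if allow is not None else deny)}

    def keep(key):
        listed = str(key).lower() in keys
        return listed if allow is not None else not listed

    def walk(value):
        # Recurse so nested form data and JSON bodies are filtered too.
        if isinstance(value, dict):
            return {k: walk(v) if keep(k) else MASK for k, v in value.items()}
        if isinstance(value, list):
            return [walk(v) for v in value]
        return value

    return walk(params)

# Constructed sample request body.
SAMPLE_POST = {
    "username": "alice",
    "Password": "hunter2",
    "card_number": "4111111111111111",
    "items": [{"sku": "A-17", "qty": 2}],
}

def demo():
    denied = redact(SAMPLE_POST, deny=["password", "token"])
    allowed = redact(SAMPLE_POST, allow=["username", "items", "sku", "qty"])
    return denied, allowed

if __name__ == "__main__":
    for label, result in zip(("deny", "allow"), demo()):
        print(label, result)
```

The deny list lets the unlisted `card_number` field through to the log, while the allow list masks it, so a field added later is only protected by default in the allow form.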

