Bug 1570221 Don't print parameter values to logs when in production mode
The best way to prevent sensitive data from being printed to the logs
is to avoid printing the value of *any* parameter. For instance, a
password parameter may have an unusual name, or it may be passed
through a general-purpose function like "strlen()".
Since parameter values are useful for debugging, we can still print
them when not in production mode (although with known password
params still scrubbed out).
Note this patch both scrubs likely password params, and hides their
scrubbed value. That's mostly because I'm lazy, but it also obscures
the password's actual length.
Change-Id: I4a1ab4c89a169c6b29a7b63384c2412cee761ab7
behatnotneeded: Can't test with behat
(cherry picked from commit 9a2972495d55c55633f1fa10522cd567933ecf6f)
Reviewed: https://reviews.mahara.org/6813
Committed: https://git.mahara.org/mahara/mahara/commit/b984a1b40700e37f120019cae7fc5a681c9c092a
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE
commit b984a1b40700e37f120019cae7fc5a681c9c092a
Author: Aaron Wells <email address hidden>
Date: Thu Apr 14 19:52:42 2016 +1200
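The following is an added example, not code from this commit or from Mahara. It shows the policy the commit message describes: in production no argument value is logged, and outside production only arguments whose parameter name looks like a password are hidden. The function names, the `$production` flag and the name pattern are assumptions made for illustration.

```php
<?php
// Added illustration. Function names and the $production flag are hypothetical;
// this is not Mahara's logging code.

/** Parameter names for a backtrace frame, or [] when they cannot be resolved. */
function param_names(array $frame): array {
    try {
        $ref = isset($frame['class'])
            ? new ReflectionMethod($frame['class'], $frame['function'])
            : new ReflectionFunction($frame['function']);
    } catch (ReflectionException $e) {
        return []; // closures, include/require frames, and so on
    }
    return array_map(fn($p) => $p->getName(), $ref->getParameters());
}

/** Render one argument. Hidden values show only their type, never a length. */
function render_arg($value, bool $hide): string {
    if ($hide || !(is_scalar($value) || $value === null)) {
        return '(' . gettype($value) . ')';
    }
    return var_export($value, true);
}

/** Format debug_backtrace()-style frames for a log line. */
function format_backtrace(array $frames, bool $production): string {
    $lines = [];
    foreach ($frames as $i => $frame) {
        $names = param_names($frame);
        $args = [];
        foreach ($frame['args'] ?? [] as $pos => $value) {
            // Unknown names are treated as sensitive (fail closed).
            $sensitive = !isset($names[$pos])
                || preg_match('/pass|pw|secret|token/i', $names[$pos]) === 1;
            $args[] = render_arg($value, $production || $sensitive);
        }
        $lines[] = "#$i {$frame['function']}(" . implode(', ', $args) . ')';
    }
    return implode("\n", $lines);
}

// Constructed sample frames: the same secret reaches a named password
// parameter and a general-purpose function.
function demo_login($username, $password) {}
$frames = [
    ['function' => 'strlen', 'args' => ['hunter2']],
    ['function' => 'demo_login', 'args' => ['alice', 'hunter2']],
];
echo "debug:\n", format_backtrace($frames, false), "\n";
echo "production:\n", format_backtrace($frames, true), "\n";
```

In the debug output the `strlen` frame still prints the constructed secret, because its parameter name gives no hint that the value is a password; the production output shows only types for every argument.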