3 replies

Is it safe to log AuthController failures or can it leak private info?

When debugging auth problems it is helpful to log the errors in the failure function, can this lean any info or is it safe?

def failure(conn, activity, reason) do
    Logger.error(
      "Authentication activity #{inspect(activity)} failed with error: #{inspect(reason, pretty: true)}"
    )
# ....

def failure(conn, activity, reason) do
    Logger.error(
      "Authentication activity #{inspect(activity)} failed with error: #{inspect(reason, pretty: true)}"
    )
# ....

def failure(conn, activity, reason) do
    Logger.error(
      "Authentication activity #{inspect(activity)} failed with error: #{inspect(reason, pretty: true)}"
    )
# ....

def failure(conn, activity, reason) do
    Logger.error(
      "Authentication activity #{inspect(activity)} failed with error: #{inspect(reason, pretty: true)}"
    )
# ....

Solution

Any time you see inspect in a logger call you're likely risking leaking private data

Jump to solution

Is it safe to log AuthController failures or can it leak private info?

Similar Threads

Similar Threads

Similar Threads