
Implemented Censor "password" and "password_confirm" on login/register errors

Discussion in 'Closed Suggestions' started by Kent, Sep 29, 2012.

  1. Kent

    Kent Active Member

    If a user is registering or logging in and a server error occurs during the request, the full state of the request gets sent to the error log, including the user's password. I believe this information should be censored in the log to protect user privacy and confidence in security.

    Censoring the password could pose a problem if somehow the password is related to the server error, so perhaps an override (such as debug mode) should allow the log to be untouched.

    I noticed this because Gravatar timed out when a user was registering.
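
An added example, not part of the original post and not the forum software's own code: one way to censor the two fields before the request state reaches the error log, with the debug override the post proposes. The function names, the `_POST` layout and the sample request are assumptions constructed for illustration.

```python
import copy
import logging

# Field names taken from the thread title; matched case-insensitively.
SENSITIVE_KEYS = {"password", "password_confirm"}
# Fixed-width mask so the log does not reveal the password length either.
MASK = "********"

def censor_request_state(state, debug=False):
    """Return a copy of the request state that is safe to write to the error log.

    debug=True is the override suggested in the post: the state is copied untouched.
    """
    if debug:
        return copy.deepcopy(state)
    return _censor(state)

def _censor(value):
    # Walk nested dicts and lists, because form data is often nested under
    # a container key (assumed here to be "_POST").
    if isinstance(value, dict):
        return {
            k: MASK if isinstance(k, str) and k.lower() in SENSITIVE_KEYS else _censor(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return [_censor(v) for v in value]
    return value

def log_server_error(logger, exc, request_state, debug=False):
    """Log the exception with the censored request state; return what was logged."""
    safe = censor_request_state(request_state, debug=debug)
    logger.error("server error: %s | request state: %r", exc, safe)
    return safe

# Constructed sample: a registration request that fails on an avatar lookup timeout.
SAMPLE_STATE = {
    "url": "/register",
    "_POST": {
        "username": "kent",
        "email": "kent@example.com",
        "password": "hunter2",
        "password_confirm": "hunter2",
    },
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    log_server_error(logging.getLogger("app"), TimeoutError("avatar lookup timed out"), SAMPLE_STATE)
```

The censoring works on a copy, so the live request keeps the real password for the handler that still needs it.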
     
