Implemented Censor "password" and "password_confirm" on login/register errors

Kent

If a user is registering or logging in and a server error occurs during the request, the full state of the request gets sent to the error log, including the user's password. I believe this information should be censored in the log to protect user privacy and confidence in security.

Censoring the password could pose a problem if somehow the password is related to the server error, so perhaps an override (such as debug mode) should allow the log to be untouched.

I noticed this because Gravatar timed out when a user was registering.
 
This suggestion has been implemented. Votes are no longer accepted.
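
The censoring described in the post above, as an added example that is not part of the original thread and not the forum software's own code: request state is copied and the `password` and `password_confirm` fields are masked before the error log entry is built, with a debug override that leaves the state untouched. The function names, the mask string, the `_POST` layout and the sample request are assumptions made for illustration.

```python
import copy
import json

# Field names from the suggestion title; matched case-insensitively.
CENSORED_KEYS = {"password", "password_confirm"}
MASK = "********"  # assumed placeholder written in place of the value


def _censor(value):
    """Rebuild nested dicts/lists, masking the value of any censored key."""
    if isinstance(value, dict):
        return {
            key: MASK if str(key).lower() in CENSORED_KEYS else _censor(item)
            for key, item in value.items()
        }
    if isinstance(value, (list, tuple)):
        return [_censor(item) for item in value]
    return value


def censor_request_state(state, debug=False):
    """Return a copy of the request state that is safe to log.

    The caller's state is never modified, so the request itself can still
    use the real password. With debug=True the copy is left uncensored,
    which is the override the post proposes for password-related errors.
    """
    if debug:
        return copy.deepcopy(state)
    return _censor(state)


def format_error_log_entry(error, request_state, debug=False):
    """Build the log line from the censored copy, never from the raw state."""
    safe_state = censor_request_state(request_state, debug=debug)
    return json.dumps({"error": error, "request": safe_state}, sort_keys=True)


# Constructed sample: a registration request that hit a server error.
SAMPLE_REQUEST = {
    "url": "/register",
    "_POST": {
        "username": "alice",
        "password": "constructed-secret",
        "password_confirm": "constructed-secret",
    },
}

if __name__ == "__main__":
    print(format_error_log_entry("Gravatar request timed out", SAMPLE_REQUEST))
```
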