hazaar/framework
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Hide encrypted config elements from error/trace output #213

New issue
Closed
opened 2020-11-24 03:47:12 +00:00 by jamie · 3 comments
jamie commented 2020-11-24 03:47:12 +00:00 (Migrated from git.hazaar.io)
Copy link

For debugging, when we output an error we also display the current configuration for convenience. This is a potential security issue if the developer/ops manager does not disable debugging in a production environment. We could just say "tough, just turn it off", which is kinda what I have been doing, but I had the idea to internally flag configuration elements loaded from an encrypted include file and just not output those elements, just in case debugging is left on.

For debugging, when we output an error we also display the current configuration for convenience. This is a potential security issue if the developer/ops manager does not disable debugging in a production environment. We could just say "tough, just turn it off", which is kinda what I have been doing, but I had the idea to internally flag configuration elements loaded from an encrypted include file and just not output those elements, just in case debugging is left on.
jamie commented 2021-03-13 00:47:45 +00:00 (Migrated from git.hazaar.io)
Copy link

mentioned in merge request !122

mentioned in merge request !122
jamie commented 2021-03-13 00:47:45 +00:00 (Migrated from git.hazaar.io)
Copy link

created merge request !122 to address this issue

created merge request !122 to address this issue
jamie commented 2021-03-13 01:35:46 +00:00 (Migrated from git.hazaar.io)
Copy link

mentioned in commit 41f38de90489e31d365026e1bfaf35635b8dfdfc

mentioned in commit 41f38de90489e31d365026e1bfaf35635b8dfdfc
jamie (Migrated from git.hazaar.io) closed this issue 2021-03-13 01:35:46 +00:00
jamie self-assigned this 2025-09-04 01:15:28 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
586-gitlab-ci-migration
297-feature-router-security
develop
No results found.
Labels
Clear labels   
bug

   
confirmed

   
critical

   
discussion

   
documentation

   
Doing

   
enhancement

   
experiment

Experimental Feature

  
suggestion

   
support

   
Testing

   
To Do
No labels
bug
confirmed
critical
discussion
documentation
Doing
enhancement
experiment
suggestion
support
Testing
To Do
Milestone
Clear milestone
No items
No milestone
Release 2.6
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
jamie
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: hazaar/framework#213
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?