
You forgot also making sure you aren't logging things you shouldn't log. Some are obvious, maybe, like passwords. Others might be less obvious, like the title of every window on the user's desktop, which Facebook Oculus logs. Those titles end up including every page of every website you've visited, the title of every document you've edited, and every video you've watched.


Ideally the data should be filtered before it gets to logging in the first place, but if not, you can add another layer of defense by employing censors:

https://tersesystems.github.io/terse-logback/guide/censor/

Or you can use logstash-logback-encoder, which has masking:

https://github.com/logstash/logstash-logback-encoder#masking
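
As an added illustration (not part of the comment above and not taken from either project's documentation), a `logback.xml` using logstash-logback-encoder's masking decorator might look like the following. The field names `password`, `authorization` and `window_title`, the mask text and the bearer-token pattern are assumptions chosen to match the examples in this thread.

```xml
<!-- Added example: JSON console logging with a masking layer. -->
<!-- Field names and patterns below are assumed for illustration. -->
<configuration>
  <appender name="JSON" class="ch.qos.logback.core.ConsoleAppender">
    <encoder class="net.logstash.logback.encoder.LogstashEncoder">
      <jsonGeneratorDecorator
          class="net.logstash.logback.mask.MaskingJsonGeneratorDecorator">

        <!-- Replacement used when a rule does not name its own mask. -->
        <defaultMask>[REDACTED]</defaultMask>

        <!-- Mask by field name: the obvious secret (password), a
             header that carries credentials, and the less obvious
             case from this thread (window titles). -->
        <paths>password,authorization,window_title</paths>

        <!-- Mask by value: a string value that is a bearer token is
             redacted whatever field it appears in; the scheme name
             is kept so the log line stays readable. -->
        <valueMask>
          <value>^(Bearer) .+$</value>
          <mask>$1 [REDACTED]</mask>
        </valueMask>

      </jsonGeneratorDecorator>
    </encoder>
  </appender>

  <root level="INFO">
    <appender-ref ref="JSON"/>
  </root>
</configuration>
```

Field-name rules only catch data that is logged as a structured field under one of the listed names, so this stays a second layer behind filtering the data before it reaches the logger.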


There's also Witchcraft Logging, which has the concept of "safe" parameters and is available in Go, Rust, and Clojure:

https://docs.rs/witchcraft-log/0.3.0/witchcraft_log/


Is this a bug or a feature?



