GenieFramework / Genie.jl

🧞The highly productive Julia web framework
https://genieframework.com
MIT License
2.26k stars 190 forks

Error reporting dumps sensitive information #674

Closed banachtech closed 1 year ago

banachtech commented 1 year ago

Hello -

First-time Genie user here. While trying out the JuliaCon 2003 demo (API page implementation), I encountered some errors. The error message dumped on the HTML page accessing the REST API had the full stack trace and sensitive environment variable data under the header JULIA ENV.

Is this info being shared elsewhere via telemetry? Am I missing any security setting to avoid this dump?

Thanks.

essenciary commented 1 year ago

@banachtech 1/ This info is not shared with anybody. 2/ The dump is enabled in dev and test environments to help you debug the error. When you run the application in production, this page and the data are disabled.

essenciary commented 1 year ago

We can probably disable the dump of JULIA ENV in v6 anyway -- I don't find it useful tbh.

banachtech commented 1 year ago

Thanks for the prompt reply.