HerrKater / elmah

Automatically exported from code.google.com/p/elmah
Apache License 2.0

Add a configuration option to allow omitting AUTH_PASSWORD from error logs #140

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I would love a configuration option for web.config to specify whether or
not to store the value of the AUTH_PASSWORD server variable in error logs,
e-mails, etc. Perhaps this could be done through an attribute on the
security element (or a new element) such as: logPassword="0" or
omitServerVariables="AUTH_PASSWORD".

This would allow an admin to prevent the logging of user passwords in the
interest of security. Perhaps this could be extended to also allow
specifying variables to omit or mask from the query string, form and
cookies collections (to prevent logging of credit card numbers, for example).

Note: I am aware of the customization mentioned at
http://groups.google.com/group/elmah/browse_thread/thread/48fc5183d1ed931d
but it would be nice to have this be configurable.

Original issue reported on code.google.com by mhenr...@gmail.com on 28 Oct 2009 at 2:32

GoogleCodeExporter commented 9 years ago

Original comment by azizatif on 28 Oct 2009 at 7:26

GoogleCodeExporter commented 9 years ago

Original comment by azizatif on 28 Oct 2009 at 7:27

GoogleCodeExporter commented 9 years ago
What is the status of this issue? We are very interested in this, and were going to
submit it too, but found this issue. Is this going to be included in a release soon?
Russ Clark,
Sandia National Laboratories,
Albuquerque, NM

Original comment by rdcl...@sandia.gov on 4 Dec 2009 at 5:35

GoogleCodeExporter commented 9 years ago
It should be configurable i.m.o., but I've managed to exclude it without
modifying the source:
http://tech.kipusoep.nl/2012/01/06/umbraco-elmah-with-sql-ce-4-0-and-authentication-part-2/

Original comment by ralph.eg...@gmail.com on 6 Jan 2012 at 10:29

GoogleCodeExporter commented 9 years ago
Please elevate this much needed feature to high priority and implement it in 
the next Service Pack.

We are all eagerly waiting for it since 2009 when it was first logged.

Original comment by ykhab...@gmail.com on 5 Feb 2012 at 8:02

GoogleCodeExporter commented 9 years ago
Highly needed feature. Having the user password as part of the error log
prevents us from using ELMAH in a production environment. Please implement.

Original comment by epignos...@gmail.com on 6 Feb 2012 at 2:00

GoogleCodeExporter commented 9 years ago
I think it is a good idea; add this feature.

Original comment by jema...@miamigov.com on 6 Feb 2012 at 3:08

GoogleCodeExporter commented 9 years ago
It would be a great feature. Please add it as soon as possible.

Original comment by ijgarci...@gmail.com on 6 Feb 2012 at 3:12

GoogleCodeExporter commented 9 years ago
As a QA tester for web-application development, we are continually forwarding
ELMAHs (emails) encountered to the development and QA team. Having my password
concealed is a basic requirement for security (on a daily basis). Please
implement this feature a.s.a.p. in the upcoming Service Pack 2.

Original comment by webnetst...@gmail.com on 6 Feb 2012 at 3:16

GoogleCodeExporter commented 9 years ago
Please add this feature, it is much needed. Passing the user information in an 
error message is a security issue.

Original comment by mannyot...@gmail.com on 6 Feb 2012 at 3:16

GoogleCodeExporter commented 9 years ago
This missing feature is preventing us from using ELMAH for our Web-based
applications. It should be part of ELMAH's core configuration
functionality. Having ELMAH 1.2 SP2 just for this single feature is a must.

Original comment by miria...@gmail.com on 6 Feb 2012 at 3:45

GoogleCodeExporter commented 9 years ago
I have been concerned about the password being included in the body of the Elmah message
since the first day I started receiving them as a result of my QA activities
(2010). The priority of this request should be updated to HIGH.

Original comment by cvc...@yahoo.com on 6 Feb 2012 at 3:47

GoogleCodeExporter commented 9 years ago
In my opinion, it doesn't take too much effort to add this feature and the 
benefit would be great. Please consider it as soon as possible.

Original comment by pcary2...@yahoo.com on 6 Feb 2012 at 4:22

GoogleCodeExporter commented 9 years ago
We would like to implement this feature in our production environment but 
creating our own fork of the source is an undesirable option. Sending/logging 
the user password anywhere is a major security concern in most organizations.

Original comment by AnthonyV...@gmail.com on 6 Feb 2012 at 4:32

GoogleCodeExporter commented 9 years ago
Hi there!

It's good to see so many people interested in this issue!
A few questions:

1) Are there any use cases for including AUTH_PASSWORD at all?

2) Should AUTH_PASSWORD be excluded by default?
i.e. <security /> <!-- no omitServerVariables -->
will automatically exclude AUTH_PASSWORD

3) If it is excluded by default how do you add it back in again?
Perhaps <security omitServerVariables="" /> gets it back.

4) Should the NuGet package be the one that does the exclusion?

Cheers,

James

Original comment by jamesdriscoll71 on 6 Feb 2012 at 4:58
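A sketch of how the omitServerVariables attribute proposed in the original post could be applied to an error entry's server variables, and of the absent-versus-empty attribute semantics raised in James's questions 2 and 3. This is an added example, not ELMAH's code or anything committed to the project: the class and member names, and the choice of AUTH_PASSWORD as the default omit list, are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
// Hypothetical sketch, not ELMAH's code: class and member names are assumed.
public static class ServerVariableFilter
{
    // Assumed default applied when the attribute is absent (James's question 2).
    public const string DefaultOmitList = "AUTH_PASSWORD";
    // null = attribute absent, so the default applies; "" = attribute present
    // but empty, so nothing is omitted (the "add it back" case of question 3).
    public static string[] ParseOmitList(string attributeValue)
    {
        return (attributeValue ?? DefaultOmitList)
            .Split(',')
            .Select(s => s.Trim())
            .Where(s => s.Length > 0)
            .ToArray();
    }
    // Copies the collection without the named keys. Server variable names are
    // matched case-insensitively so "auth_password" still drops AUTH_PASSWORD.
    public static NameValueCollection Omit(NameValueCollection source, string[] names)
    {
        var omit = new HashSet<string>(names, StringComparer.OrdinalIgnoreCase);
        var kept = new NameValueCollection(StringComparer.OrdinalIgnoreCase);
        foreach (string key in source.AllKeys)
        {
            if (key != null && !omit.Contains(key))
                kept.Add(key, source[key]);
        }
        return kept;
    }
    public static void Main()
    {
        // Constructed sample of the variables IIS attaches to an error entry.
        var vars = new NameValueCollection
        {
            { "AUTH_USER", "alice" },
            { "AUTH_PASSWORD", "hunter2" },
            { "REMOTE_ADDR", "203.0.113.10" }
        };
        foreach (string attr in new[] { null, "", "auth_password,REMOTE_ADDR" })
        {
            string shown = attr == null ? "(absent)" : "\"" + attr + "\"";
            Console.WriteLine("omitServerVariables=" + shown + " -> "
                              + string.Join(", ", Omit(vars, ParseOmitList(attr)).AllKeys));
        }
    }
}
```

The same Omit call would apply unchanged to the Form, QueryString and Cookies collections the original post mentions, with a separate list per collection.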

GoogleCodeExporter commented 9 years ago
In my opinion I believe AUTH_PASSWORD should be omitted by default. It seems to 
me that this is a feature that would be sought out for a particular purpose and 
not needed 99% of the time. The consequences of leaving this setting on without 
realizing can be disastrous.

Original comment by AnthonyV...@gmail.com on 6 Feb 2012 at 6:19

GoogleCodeExporter commented 9 years ago
Hi James,

Thanks for the ideas on how to implement handling of the AUTH_PASSWORD server
variable (and any other server variable).

1) Are there any use cases for including AUTH_PASSWORD at all?
Yes.

2) Should AUTH_PASSWORD be excluded by default?
i.e. <security /> <!-- no omitServerVariables -->
will automatically exclude AUTH_PASSWORD
It could be included by default.

3) If it is excluded by default how do you add it back in again?
Perhaps <security omitServerVariables="" /> gets it back.
If included by default, then using a comma-separated list of values,
omitServerVariables="AUTH_PASSWORD,...", will disable it.

4) Should the NuGet package be the one that does the exclusion?
Nice to have, but not mandatory. 

Original comment by ykhab...@gmail.com on 6 Feb 2012 at 6:23

GoogleCodeExporter commented 9 years ago
Hi James,

Thanks for the quick answer. This is my opinion about your questions:

1- Are there any use cases for including AUTH_PASSWORD at all? 
I can't think of a use case where it would be needed. But since it has always 
been part of ELMAH, some developers might rely on it for something. I would 
keep it for backward compatibility and for full coverage.

2- Should AUTH_PASSWORD be excluded by default?
i.e. <security /> <!-- no omitServerVariables -->
will automatically exclude AUTH_PASSWORD?
I think that excluding by default will be confusing. I would prefer to 
explicitly specify it using the idea of omitServerVariables.

3- If it is excluded by default how do you add it back in again?
Again, I don't think excluding by default is a good idea. It's not consistent 
with the way other server variables will be handled.

4- Should the NuGet package be the one that does the exclusion? 
Yes. I think we should make it a best practice not to include user passwords. 
Also, developers using the NuGet package get the idea of how they can omit
other server variables.

Original comment by epignos...@gmail.com on 6 Feb 2012 at 6:38