Closed gbakeman closed 3 months ago
Into the logs folder are included: .htaccess file and index.html to prevent access to the folder. The name of the log files contain hash string so it is hard to be guessed the name of the file and open directly. Since v3.0.0 of the plugin an option for masking the user details in the log was added. If you use nginx you have to block the access to the logs folder.
Many thanks!
Greetings,
I've just started using this plugin from working with Nuvei, thank you for your work on it so far.
We need to have logging on to troubleshoot some issues with payments, and I noticed that log files go to a directory in the uploads folder with default other-readable permissions set. I think with the kind of information that is being logged (with log level set to 0), this poses quite a security risk and I'd like to suggest a few ideas for mitigating this: