Hi I have been using your phpbrake package in my Laravel projects and I noticed lots of sensitive data like keys and passwords turning up in the airbrake logs. Laravel uses the phpdotenv package to handle configuration for the framework, which will set all variables in the .env file into the $_SERVER and $_ENV super globals.
Looking through the phpbrake I can see that the package always logs entire content of $_SERVER, $_REQUEST and $_SESSION.
Is it advisable that users unset any sensitive from these super globals before calling notify() or should the package only be logging a list of safe keys from these super globals?
Hi I have been using your phpbrake package in my Laravel projects and I noticed lots of sensitive data like keys and passwords turning up in the airbrake logs. Laravel uses the phpdotenv package to handle configuration for the framework, which will set all variables in the .env file into the $_SERVER and $_ENV super globals.
Looking through the phpbrake I can see that the package always logs entire content of $_SERVER, $_REQUEST and $_SESSION.
Is it advisable that users unset any sensitive from these super globals before calling notify() or should the package only be logging a list of safe keys from these super globals?