mattcollier
commented
3 years ago Work on this should be based on the branch associated with this PR: https://github.com/digitalbazaar/bedrock-mongodb/pull/57
Closed mattcollier closed 3 years ago
mattcollier
commented
3 years ago Work on this should be based on the branch associated with this PR: https://github.com/digitalbazaar/bedrock-mongodb/pull/57
dmitrizagidulin
commented
3 years ago +1.
There are many instances where
config.urlis being logged. This url will often include login credentials in the form:Login credentials should not be surfaced in the logs. This needs to be updated immediately and therefore I propose that all logging of
config.urlbe removed entirely. Perhaps in the future a more sophisticated logging method that redacts the credentials can be developed.See: https://github.com/digitalbazaar/bedrock-mongodb/blob/master/lib/index.js#L101