Closed bitboxer closed 7 years ago
Hi,
thanks for the issue report. I'm not quite sure :sweat_smile:
Yes, there doesn't seem to be parameter sanitization, but at the same time I only see us fetching the session and query params, but chances are plug parser already ran on the conn. (Hopefully).
So, looking at our bugsnags - yes it probably would. :sweat:
Hasn't been a problem for us yet as we don't deal with passwords and the like, but yeah, there should definitely be a mechanism for this that by default scrubs out values for password/api_key and the like.
Thanks for noticing and sorry for the inconvenience.
Okay. Will try to implement this. Currently thinking of filtering these as default:
Any other that should be filtered?
none that I can think of atm, thank you!
Thank you!
If everything goes well, release incoming today :)
Released in 0.3.0
Short question: the `Bugsnex.Plug` collects the `conn.params` and sends them to bugsnag. I don't see any form of cleaning in there. Does this mean that passwords are sent to bugsnag right now?
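
A sketch of the default scrubbing discussed in this thread, added here as an example; it is not Bugsnex's code and not the 0.3.0 implementation. The module name `ParamScrubber`, the mask string and the key list (only `password` and `api_key` are named in the thread) are assumptions.

```elixir
defmodule ParamScrubber do
  # Hypothetical module, not part of Bugsnex.
  # Assumed defaults: the thread names only password and api_key.
  @default_filtered ~w(password api_key)
  @mask "[FILTERED]"

  # Recursively replaces the value of every sensitive key before the
  # params (or session) are handed to an error reporter.
  def scrub(data, filtered \\ @default_filtered)

  # Structs such as %Plug.Upload{} are passed through untouched.
  def scrub(%_{} = struct, _filtered), do: struct

  def scrub(map, filtered) when is_map(map) do
    Map.new(map, fn {key, value} ->
      if sensitive?(key, filtered) do
        # Mask the whole value, even when it is a nested map or list.
        {key, @mask}
      else
        {key, scrub(value, filtered)}
      end
    end)
  end

  def scrub(list, filtered) when is_list(list) do
    Enum.map(list, &scrub(&1, filtered))
  end

  def scrub(other, _filtered), do: other

  # Case-insensitive substring match, so "password_confirmation" and
  # "user_api_key" are caught as well. Works for string and atom keys.
  defp sensitive?(key, filtered) when is_binary(key) or is_atom(key) do
    name = key |> to_string() |> String.downcase()
    Enum.any?(filtered, &String.contains?(name, &1))
  end

  defp sensitive?(_key, _filtered), do: false
end

# Constructed sample params, shaped like a parsed conn.params map.
params = %{
  "user" => %{"email" => "a@example.com", "password" => "hunter2"},
  "api_key" => "abc123",
  "items" => [%{"Password_Confirmation" => "hunter2", "qty" => 1}]
}

IO.inspect(ParamScrubber.scrub(params))
```

Substring matching errs on the side of over-filtering: a key such as `password_hint` is masked too, which is usually the safer default for data leaving the application.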