pydicom / pynetdicom

A Python implementation of the DICOM networking protocol
https://pydicom.github.io/pynetdicom
MIT License

Uncontrolled Logging of PHI in Pynetdicom #911

Closed urieldardik closed 4 months ago

urieldardik commented 7 months ago

Description: During our experimentation with Pynetdicom, specifically in conjunction with a local PACS server, we encountered an issue related to the retrieval of PatientId and PatientName. Upon inspection of the logs, we observed that the returned data is automatically logged without an available option to control or customize this logging behavior. This poses a dual challenge of potentially exposing sensitive patient information (PHI) through logging and the necessity for comprehensive logs for debugging purposes.

Feature Request: We propose the implementation of an option to control the fields or logs that are printed during data retrieval. This enhancement would empower users of the association file to determine which information is logged, aligning with their specific usage requirements.

Suggested Solution: We suggest the incorporation of an option that allows users to control the fields or logs to be printed during data retrieval. This could be achieved through one of the following alternatives:

Flag in Logging Function: Introduce a flag within the relevant function (e.g., send_c_move) that enables/disables logging for specific data. This provides a convenient on/off switch for logging within the function.

Field-Specific Control: Implement a mechanism that allows users to specify the fields they want to log, while ignoring others. This provides a more granular control over the information captured in the logs.

Additional Information: This feature would enhance the overall security and usability of Pynetdicom by allowing users to strike a balance between logging essential information and safeguarding sensitive patient data. We believe that providing such control aligns with best practices for maintaining both privacy and debugging capabilities.

scaramallion commented 7 months ago
scaramallion commented 7 months ago

If there's any logging of personal information not covered by those two let me know. Specific reproducible examples would help a lot.

urieldardik commented 7 months ago

Upon observation, it is evident that certain logs lack protection from the specified parameters. This holds true for both the functions send_c_move and send_c_find within the association.py module. https://github.com/pydicom/pynetdicom/blob/e1decc038f7310ec9c545c4519929cf503db46bf/pynetdicom/association.py#L1652C1-L1653C1

scaramallion commented 7 months ago

Ah! Thanks, I obviously missed some. Will be fixed in the next version.
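A handler-level redaction filter is one way to keep debug logs while scrubbing patient elements until a fixed release is deployed. This is an added example, not part of the thread and not pynetdicom's own code; it assumes the library logs under the `pynetdicom` logger hierarchy (for example `pynetdicom.association`) and that identifier elements appear one per line beginning with their `(gggg,eeee)` tag. The sample lines are constructed.

```python
import io
import logging
import re

# Any element in group 0010 (patient module), e.g. (0010,0010) PatientName
# and (0010,0020) PatientID. Assumption: identifier elements are logged one
# per line, each starting with its "(gggg,eeee)" tag.
PATIENT_TAG = re.compile(r"(\(0010,[0-9A-Fa-f]{4}\))(.*)")


class RedactPatientGroup(logging.Filter):
    """Replace the remainder of any log line that carries a group 0010 tag."""

    def filter(self, record: logging.LogRecord) -> bool:
        message = record.getMessage()  # apply %-style args before scrubbing
        redacted = PATIENT_TAG.sub(r"\1 [REDACTED]", message)
        if redacted != message:
            record.msg, record.args = redacted, None
        return True  # keep the record, scrubbed


def install(handler: logging.Handler, logger_name: str = "pynetdicom") -> None:
    # The filter goes on the handler: a filter set on the parent logger is
    # not consulted for records emitted by child loggers such as
    # "pynetdicom.association" (assumed name), so values would leak through.
    handler.addFilter(RedactPatientGroup())
    logger = logging.getLogger(logger_name)
    logger.addHandler(handler)
    logger.setLevel(logging.DEBUG)


def demo() -> str:
    stream = io.StringIO()
    install(logging.StreamHandler(stream))
    log = logging.getLogger("pynetdicom.association")
    # Constructed sample lines, not captured pynetdicom output.
    log.debug("# Response Identifier")
    log.debug("(0008,0052) CS [PATIENT]")
    log.debug("(0010,0010) PN [%s]", "DOE^JANE")
    log.debug("(0010,0020) LO [12345678]")
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

The filter only covers group 0010; other elements that can identify a patient (accession numbers, dates, free-text fields) need their own patterns.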