requests / requests-oauthlib

OAuthlib support for Python-Requests!
https://requests-oauthlib.readthedocs.org/
ISC License

Add option to disable logging of request/response headers at DEBUG level #532

Open erlendvollset opened 4 months ago

erlendvollset commented 4 months ago

Currently access tokens are exposed in logs when running with DEBUG log level. In many cases it's desirable to run a process with log level DEBUG without exposing such secrets. If there is some other way you think this should be configured, please advise.
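
One way a caller can address the problem described above without changing the library, shown here as an added example that is not requests-oauthlib's own code and not the change this PR proposes: a `logging.Filter` attached to the handler that redacts `Bearer` credentials and token-carrying key/value pairs before any DEBUG record reaches a log sink. The log message and the header/data dicts below are constructed to resemble what an OAuth2 client might emit at DEBUG level; the function and class names are hypothetical.

```python
import logging
import re

REDACTED = "[REDACTED]"

# Credential in an Authorization header value, e.g. "Bearer eyJ..." (case-insensitive).
_BEARER_RE = re.compile(r"(Bearer\s+)[A-Za-z0-9\-._~+/]+=*", re.IGNORECASE)

# Token-bearing keys as they appear in repr'd dicts, JSON, or query strings:
#   'access_token': 'x'   "refresh_token": "x"   client_secret=x
_TOKEN_KV_RE = re.compile(
    r"((?:access_token|refresh_token|client_secret)['\"]?\s*[:=]\s*['\"]?)"
    r"[^'\"\s,&}]+",
    re.IGNORECASE,
)


def redact(text):
    """Replace bearer tokens and token-like key/value pairs in one string."""
    text = _BEARER_RE.sub(r"\1" + REDACTED, text)
    text = _TOKEN_KV_RE.sub(r"\1" + REDACTED, text)
    return text


class SecretRedactingFilter(logging.Filter):
    """Render the record's message, redact it, and drop the args so no
    downstream formatter can re-render the unredacted values."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


class _ListHandler(logging.Handler):
    """Constructed sink that keeps formatted lines in memory for inspection."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def build_logger(name="requests_oauthlib.redaction_demo"):
    # The filter goes on the handler, not the logger: logger-level filters do
    # not run for records propagated from child loggers, handler filters do.
    logger = logging.getLogger(name)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = _ListHandler()
    handler.addFilter(SecretRedactingFilter())
    logger.handlers = [handler]
    return logger, handler


def demo():
    """Emit one constructed DEBUG line carrying secrets; return what was logged."""
    logger, handler = build_logger()
    # Constructed sample values; not real credentials.
    headers = {
        "Authorization": "Bearer ya29.example-access-token",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    data = {"grant_type": "refresh_token", "refresh_token": "rt-example-secret"}
    logger.debug("Supplying headers %s and data %s", headers, data)
    return handler.lines


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The filter is deliberately placed on the handler rather than on the `requests_oauthlib` logger: a filter on a logger only screens records that logger itself creates, so a record emitted by a child logger and propagated upward would bypass it. The trade-off against an option to suppress header logging entirely is that a regex allow-list only catches token shapes it knows about, so the patterns need to track the credential types the application actually handles.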

jtroussard commented 3 months ago

I can take a closer look this weekend at this PR. At first blush though it will need an accompanying test or updates to existing tests.

jtroussard commented 3 months ago

First, I want to genuinely thank you @erlendvollset for your contribution and for spotlighting this security concern within the project. Your initiative is greatly appreciated. At the risk of stepping on toes, and after much consideration, I would like to propose and directly offer a different approach, which may address the issue more comprehensively. The nature of the changes I'm contemplating significantly diverges from the current proposal, extending beyond what might be practical to suggest via this PR alone or a simple PR code suggestion. To properly illustrate this alt implementation I will open another PR inspired by this one (the commits will name you as a co-author). This is done with the utmost respect for your initial effort and is aimed solely at following certain coding principles the community is trying to enforce. I hope this is taken in the collaborative spirit intended, and I'm more than open to discussing this further, potentially on even a different implementation altogether.