Open suuuehgi opened 2 years ago
I have noticed this as well, and it takes some time to remove all the personal information with find and replace on Notepad Plus Plus.
@cketti - I was looking at this one and had some ideas. It seems like this is because the response from the IMAP server in RealImapConnection.readResponse() contains the headers, and headers contain senders' address, name, subject, etc. Arguably these are "sensitive" as suuuehgi states. So we could consider:
I suppose it hinges largely on where we want to draw the line on what's "sensitive." Seems like there are probably other parts of the app one could want to debug without revealing all of their email details to the LogCat gods. What do you think?
I had a much more comprehensive approach in mind. We probably shouldn't log e.g. account names and folder names either (unless "log sensitive information" is enabled).
I guess it would be useful to have something like this:
SpecialLogger.d("Performing some operation on %{sensitive}s:%{sensitive}s", account, folderName)
The protocol logging is one of the most useful tools we have to remotely diagnose issues. So ideally we find a way to keep it enabled by default without logging sensitive information. Since we only output the parsed result, we could build some logging logic with special handling for some responses.
The header.fields contents of the FETCH response are rarely important. So we could replace it with something like string[lines=4] in the log.
In LIST responses we could replace all letters with x, but keep the special characters. That should still leave enough information to diagnose most issues.
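The redaction proposed in the comment above, sketched as an added example (not K-9 Mail code and not written by anyone in this thread). It assumes a parsed response is a nested list of string tokens with the BODY[HEADER.FIELDS ...] section key held as a single token; every function name is hypothetical.

```kotlin
// Added example. The token model and all names are assumptions, not K-9 Mail's API.

/** Replace every letter with 'x'; delimiters, digits and other special characters stay. */
fun maskName(name: String): String =
    name.map { if (it.isLetter()) 'x' else it }.joinToString("")

fun isKeyword(token: Any?, keyword: String): Boolean =
    (token as? String).equals(keyword, ignoreCase = true)

/** Replace the literal that follows a HEADER.FIELDS key with a line-count placeholder. */
fun redactFetchItems(items: List<Any>): List<Any> = items.mapIndexed { i, item ->
    val key = items.getOrNull(i - 1) as? String
    if (item is String && key != null && key.contains("HEADER.FIELDS", ignoreCase = true)) {
        "string[lines=${item.lineSequence().count { it.isNotEmpty() }}]"
    } else {
        item
    }
}

/** Return a copy of a parsed untagged response that is safe to write to the log. */
fun redactForLog(response: List<Any>): List<Any> = when {
    // LIST (attributes) delimiter mailbox-name: only the mailbox name is masked.
    isKeyword(response.getOrNull(0), "LIST") && response.size == 4 ->
        response.dropLast(1).plusElement(maskName(response.last().toString()))
    // <seq> FETCH (key value key value ...): header literals are replaced.
    isKeyword(response.getOrNull(1), "FETCH") && response.getOrNull(2) is List<*> ->
        response.take(2)
            .plusElement(redactFetchItems((response[2] as List<*>).filterNotNull()))
            .plus(response.drop(3))
    else -> response
}

fun render(token: Any?): String = when (token) {
    is List<*> -> token.joinToString(" ", "(", ")") { render(it) }
    else -> token.toString()
}

fun main() {
    // Constructed sample responses, not captured from a real server.
    val fetch: List<Any> = listOf(
        "1", "FETCH",
        listOf("UID", "42", "BODY[HEADER.FIELDS (FROM SUBJECT)]",
            "From: Alice <alice@example.org>\r\nSubject: Quarterly numbers\r\n\r\n")
    )
    val list: List<Any> = listOf("LIST", listOf("\\HasNoChildren"), "/", "Work/Clients/Acme Corp")
    for (r in listOf(fetch, list)) {
        println("* " + redactForLog(r).joinToString(" ") { render(it) })
    }
}
```

Only the two cases named in the comment are handled; other FETCH items that carry addresses or subjects, such as ENVELOPE, pass through unchanged in this sketch.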
Describe the bug Full contact details are present within the debug log.
To Reproduce Steps to reproduce the behavior:
Expected behavior Don't log that information or obfuscate it.
Environment (please complete the following information):