Logging of login credentials

[HiImMoe]

Hi, I installed this package some days ago and Im really happy with it! However, I have noticed that the logger also logs the password unencrypted to the database if REST auth is used because it's part of the request. Is there an option to disable or encrypt the password in the requests?

[vishalanandl177]

Hi, I'll suggest you skip those APIs to be logged in by specifying.

DRF_API_LOGGER_SKIP_URL_NAME = ['url_name1', 'url_name2']

If you want to log this request then listen to the logger signals by specifying. DRF_API_LOGGER_SIGNAL = True # Default to False And manually log after modifying the requested data (example: change password value to **). To manually log use DRF Model.

Please let me know if you have any problems.

[HiImMoe]

Okay thank you very much for your fast response! I thought there might be an option for just disable the password logging. But as it seems there is no option I will just exclude the URL.

[vishalanandl177]

In the next release I'll add a feature to hide passwords.

On Thu, 8 Apr 2021, 6:37 pm HiImMoe, @.***> wrote:

Closed #14 https://github.com/vishalanandl177/DRF-API-Logger/issues/14.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/vishalanandl177/DRF-API-Logger/issues/14#event-4568565532, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD7SDTCGFWY2DOFQI53DZSLTHWTB7ANCNFSM42SXTY2Q .

[HiImMoe]

That would be really nice! Thank you.

[vishalanandl177]

The issue is fixed, please update to the latest version 1.0.7.

New features:

1. Hide Sensitive Data From Logs
2. Change the default database to store API logs