xchapter7x
commented
8 years ago This is an ongoing effort, but yes i agree it would be nice if we could mask sensitive data in these logs.
As it stands the approach we have taken is, Debug should not be set on production environments b/c, as you note, it contains sensitive info. It does however contain useful information if you are trying to do a bit of debugging on an issue. So it is useful to be able to flip on.
That said we will like to take a more balanced approach to these debug logs. There is now an item in the backlog so we will prioritize exploring Debug solution which doesnt expose sensitive info.
When running cfops with LOG_LEVEL=debug, sensitive information such as passwords are printed to stdout in clear text. It would be great if these could be masked before being printed out.