I feel like I am missing something, so forgive me if I sound sarcastic, it's not intended.
The framework should present the ability to add an instance level filter of arguments, variables, and function calls that should be redacted from the ticket. In my use case, I am concerned with the password, in other environments there may be concerns of other data being exposed in variables, arguments, or function calls. For example, ABA routing / account numbers, cc numbers (hopefully these would all be going through another interface), user demographic information, etc. On Tuesday, March 26, 2019 at 12:23:17 AM UTC-5, Dave S wrote: > > > > On Monday, March 25, 2019 at 7:28:21 PM UTC-7, zm wrote: >> >> Having some sort of filter criteria would make sense to me. For example, >> a list of arguments and variables to redact / filter. >> >> > But what are you concerned about, beyond the password issue? What do you > want to be able to filter? What have you found in tickets you've looked at > that raises flags? > > /dps > > >> >> >> On Monday, March 25, 2019 at 3:30:30 PM UTC-5, Dave S wrote: >>> >>> >>> >>> On Monday, March 25, 2019 at 10:57:00 AM UTC-7, zm wrote: >>>> >>>> The error tickets created by the framework are great for debugging, >>>> however depending on where a failure can include, they can include very >>>> sensitive information like user ID + password combinations. >>>> >>>> Is it possible to filter certain fields out of the tickets such as user >>>> name / password? It seems like snapshot could be updated to include >>>> some sort of filter. >>>> >>> >>> The tickets are only visible (out of the box, at least) to the Admin >>> account. Exposing passwords to the Admin account has become a no-no, but >>> even without them the Admin can reset the password or disable the account. >>> The purpose of the tickets is to allow programming errors to be corrected, >>> and every once in a while the error is password-related. Take your choice. >>> >>> Is there other information in the ticket that should be filtered? >>> >>> /dps >>> >>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
