
Should log file contain plain text database username passwords etc? #1542

Closed
daljit3 opened this issue Nov 26, 2018 · 8 comments

Comments

@daljit3

daljit3 commented Nov 26, 2018


Database credentials in the log file in production mode

I have enabled logs for critical errors and I can see this information in my log files

CRITICAL - 2018-11-26 00:05:13 --> MySQL server has gone away
#0 /var/www/myproject/system/Database/MySQLi/Connection.php(177): mysqli->real_connect('my_database_host', 'my_database', 'my_password', 'my_database', 3306, '', 0)
#1 /var/www/myproject/system/Database/BaseConnection.php(369): CodeIgniter\Database\MySQLi\Connection->connect(false)
#2 /var/www/myproject/system/Database/BaseConnection.php(602): CodeIgniter\Database\BaseConnection->initialize()
#3 /var/www/myproject/application/Models/MydbModel.php(297): CodeIgniter\Database\BaseConnection->query('\r\n          SEL...')
#4 /var/www/myproject/application/Controllers/Home.php(95): App\Models\MydbModel->getCategoryData(Array)
#5 /var/www/myproject/system/CodeIgniter.php(810): App\Controllers\Home->category()
#6 /var/www/myproject/system/CodeIgniter.php(307): CodeIgniter\CodeIgniter->runController(Object(App\Controllers\Home))
#7 /var/www/myproject/system/CodeIgniter.php(221): CodeIgniter\CodeIgniter->handleRequest(NULL, Object(Config\Cache), false)
#8 /var/www/myproject/public/index.php(45): CodeIgniter\CodeIgniter->run()

Obviously I have replaced the above with dummy values, but I am just wondering if the log file should include information set by the .env file? Having this information is useful, I suppose, to know which server it is trying to connect to and failing, but I wanted to inform you about this.

CodeIgniter 4 version
CodeIgniter-4-develop

@natanfelles
Contributor

This line shows where to find the DBGroup:

#3 /var/www/myproject/application/Models/MydbModel.php(297): CodeIgniter\Database\BaseConnection->query('\r\n          SEL...')

@daljit3
Author

daljit3 commented Nov 27, 2018

@natanfelles Sorry but my main concern is with the username and passwords being included in the log file.

@natanfelles
Contributor

  • Should log file contain plain text database username passwords etc?
  • No. This line shows where to find the DBGroup:
#3 /var/www/myproject/application/Models/MydbModel.php(297): CodeIgniter\Database\BaseConnection->query('\r\n          SEL...')

We have already had a similar issue: #935

Putting sensitive data in log files is not a good idea.

@puschie286
Contributor

puschie286 commented Nov 28, 2018

yes - it's "just" the error page in development mode
-> if you use the default error page in production mode everything is good.

only if you customize/create your own production error page, take care not to show sensitive information
/close everything is right

@jim-parry
Contributor

Is this something that CI is doing out of the box? or a situation where you are logging something and expect CI to suppress sensitive info?
If this is being logged by the MySQLi driver, then do we need to suppress the error when it happens, and recast it as an exception without sensitive info?
Should we make it clearer in the docs that sensitive info like this will show in the log, on purpose?
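The question above (is this the driver, or the framework's own trace logging?) comes down to a PHP mechanism that is easy to verify. Every frame of a Throwable's trace stores the call's arguments, and getTraceAsString() prints them, which is exactly the "#0 ... mysqli->real_connect('host', 'user', 'password', ...)" shape in the report. The script below is an added example, not code from the issue or from CodeIgniter: connectToDb() stands in for the failing real_connect() call, the 'hunter2' password and the host names are constructed dummies, and redactedTrace() is a hypothetical helper showing how a logger can recast the trace without the argument values.

```php
<?php
// Added example, not CodeIgniter's own code. Demonstrates why the password
// appears in the trace and one way to redact frame arguments before logging.
declare(strict_types=1);

/**
 * Stand-in for mysqli->real_connect(): host, user and password are assumed
 * dummy values, and the "server has gone away" failure is simulated.
 */
function connectToDb(string $host, string $user, string $password, string $db, int $port): void
{
    throw new RuntimeException('MySQL server has gone away');
}

/**
 * Render a trace in the same "#n file(line): call(args)" shape as
 * Throwable::getTraceAsString(), but with every argument list replaced by
 * a count. Frames that carry no 'args' key (PHP >= 7.4 running with
 * zend.exception_ignore_args=On) are rendered the same way.
 */
function redactedTrace(Throwable $e): string
{
    $lines = [get_class($e) . ': ' . $e->getMessage()];
    foreach ($e->getTrace() as $i => $frame) {
        $call  = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $where = isset($frame['file'])
            ? $frame['file'] . '(' . ($frame['line'] ?? 0) . ')'
            : '[internal function]';
        $argc  = isset($frame['args']) ? count($frame['args']) : 0;
        $lines[] = sprintf('#%d %s: %s(%s)', $i, $where, $call,
            $argc > 0 ? "[{$argc} args redacted]" : '');
    }
    return implode("\n", $lines);
}

/** True when the rendered text still contains one of the known secrets. */
function leaksSecret(string $text, array $secrets): bool
{
    foreach ($secrets as $s) {
        if ($s !== '' && strpos($text, $s) !== false) {
            return true;
        }
    }
    return false;
}

$secrets = ['hunter2'];   // constructed dummy password
try {
    connectToDb('db.internal', 'app', 'hunter2', 'shop', 3306);
} catch (RuntimeException $e) {
    $raw  = $e->getTraceAsString();   // contains 'hunter2' unless zend.exception_ignore_args=On
    $safe = redactedTrace($e);
    printf("raw trace leaks password: %s\n", leaksSecret($raw, $secrets) ? 'yes' : 'no');
    printf("redacted trace leaks password: %s\n", leaksSecret($safe, $secrets) ? 'yes' : 'no');
    echo $safe, "\n";
}
```

On PHP 7.4 and later, zend.exception_ignore_args = On in php.ini (php.ini-production ships with it On, php.ini-development with it Off) stops the interpreter from storing frame arguments at all, so getTraceAsString() and getTrace()['args'] are free of them regardless of what the application logs. The redaction above is the application-level equivalent for older interpreters or for loggers that format frames themselves; either way the frame's file, line and function survive, which is all that is needed to find the failing DBGroup.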

@puschie286
Contributor

puschie286 commented Nov 30, 2018

it's logged by the callstack - it's only shown in development
Edit: there is already a note on the Multiple Environment page.

@Paradinight

Never show sensitive information and never log sensitive information. We should prevent it in development too.

@daljit3
Author

daljit3 commented Nov 30, 2018

@jim-parry

Is this something that CI is doing out of the box? or a situation where you are logging something and expect CI to suppress sensitive info?

Yes, out of the box in production mode.

If this is being logged by the MySQLi driver, then do we need to suppress the error when it happens, and recast it as an exception without sensitive info? Should we make it clearer in the docs that sensitive info like this will show in the log, on purpose?

Yes, I am using a MySQL database to connect to. I have two servers, one where I have my web app hosted and the other where I have the MySQL database hosted. One of the cron jobs restarts my database server at midnight, and that's when I get these errors in my log. I suppose the end user only sees the "Whoops" page.

@puschie286 -

its logged by the callstack - its only shown in development Edit: there is already a note on the Multiple Environment page,

Yes, I have enabled logging of critical errors as I want to check my logs if there is anything broken on my site. The above log info is from production mode.
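Since critical-error logging was already on in production, the log files that exist may already hold the credentials, and every nightly restart would have added another copy. As an added example (not part of the issue or of CodeIgniter), the script below scans log text for two signals: a mysqli connect frame that still carries its argument list, and the literal value of the current database password. The sample log lines are constructed from the frame shape in the report, findCredentialLeaks() is a hypothetical helper, and the 'hunter2' value is a dummy; in practice the secrets array would be filled from the live .env values.

```php
<?php
// Added example, not CodeIgniter's own code: check existing log text for
// credentials that have already leaked via stack-trace arguments.
declare(strict_types=1);

/**
 * Scan log text line by line. Returns one entry per finding with the
 * 1-based line number and the reason. Flags (a) mysqli connect calls whose
 * argument list survived into the trace and (b) any line that contains a
 * known secret value.
 */
function findCredentialLeaks(string $log, array $secrets): array
{
    $findings = [];
    foreach (preg_split('/\R/', $log) as $idx => $line) {
        $no = $idx + 1;
        // A connect frame followed by a non-empty argument list.
        if (preg_match('/\b(mysqli->real_connect|mysqli_connect|mysqli->__construct)\((?!\))/', $line)) {
            $findings[] = ['line' => $no, 'reason' => 'connect frame carries arguments'];
        }
        foreach ($secrets as $secret) {
            if ($secret !== '' && strpos($line, $secret) !== false) {
                $findings[] = ['line' => $no, 'reason' => 'known secret value present'];
                break;
            }
        }
    }
    return $findings;
}

// Constructed sample modelled on the frames in the report; all values are dummies.
$sampleLog = <<<'LOG'
CRITICAL - 2018-11-26 00:05:13 --> MySQL server has gone away
#0 /var/www/myproject/system/Database/MySQLi/Connection.php(177): mysqli->real_connect('db.internal', 'app', 'hunter2', 'shop', 3306, '', 0)
#1 /var/www/myproject/system/Database/BaseConnection.php(369): CodeIgniter\Database\MySQLi\Connection->connect(false)
INFO - 2018-11-26 00:06:00 --> Cache cleared
LOG;

// Assumption: in practice read the live value (database.default.password in
// .env) rather than hard-coding it; 'hunter2' is a constructed dummy.
$secrets = ['hunter2'];

foreach (findCredentialLeaks($sampleLog, $secrets) as $f) {
    printf("line %d: %s\n", $f['line'], $f['reason']);
}
```

A hit on the "known secret value present" check means the password should be treated as exposed to anyone who can read the log directory (or any log shipper downstream of it) and rotated, not just removed from the file; the "connect frame carries arguments" check catches the same class of leak for credentials that are no longer in .env and therefore cannot be searched for by value.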


No branches or pull requests

5 participants