NetTalk Central

Author Topic: Hiding password (etc) in web server log  (Read 879 times)

Jane

  • Sr. Member
  • ****
  • Posts: 348
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Hiding password (etc) in web server log
« on: December 24, 2022, 06:56:40 PM »
Grinchly Greetings, Obi Wan!

I was interested in the solution you worked out for masking passwords in the web server log display during this week's webinar.

What you showed mostly works.   

BUT?  it still leaks passwords BEFORE they get to the AddLog section of code. 
As soon as you move around in the log and then come back to the POST, the value has been masked by the code you added in AddLog.  But initially it displays on the screen.

If there were an embed available in StartNewThread, before the ?web:LastPost is first displayed, that initial display of sensitive data could be avoided.

[Edited to add - would you add an embed before that DISPLAY statement ?  ]

Of course, that requires running the filtering code twice  :-\

Holiday Cheers,

Jane

« Last Edit: December 25, 2022, 01:18:53 PM by Jane »