top | item 41679165

(no title)

osullip | 1 year ago

Logging passwords on the fly is probably common. Some debug or log action setup and forgotten.

However, if you ever see a password in plain text you should raise alarms to the highest level.

In this case, I don't think the alarm was raised.

discuss

I agree, but also I know of devs that don't understand the basic security implications of passwords being in logs. I could easily see how someone, maybe even a couple of people, could see these logs and think nothing of them.

vidarh|1 year ago

Vast quantities of logs are never reviewed by anyone....