The vocab mapper currently logs the raw input data. But this means that if we submit any user's API keys, they're freely available to anyone reading the server logs.
Solutions:
- don't log raw input, only log formatted input
- redact any sensitive values in the input
Maybe a wider point here is: perhaps the Apollo server should have a system for automatically logging all raw inputs for data purposes. We can use an input.credentials object and only log the keys of that, rather than the values. Or log partial values actually, the last 5 characters or so. That way, individual services don't have to worry about this stuff, and the official guideline can be "don't ever log raw input data".
It would be useful for debugging to see a hint of the API key's value.
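One way to implement the approach suggested above, as an added example that is not code from the issue or the project: walk the input, mask every value under a `credentials` key down to its last 5 characters, and log only the result. The `credentials` key, the `maskSecret`/`redactInput`/`logInput` helpers and the sample input are assumptions; the `requestDidStart`/`didResolveOperation` hooks are real Apollo Server plugin hooks, but wiring them this way is not from the issue.

```javascript
// Added example (not from the issue or the project): redact credential values
// before logging raw GraphQL input, keeping only key names and a short tail
// (the last 5 characters, as suggested in the issue) for debugging.
// Assumption: secrets arrive under a `credentials` key of the input object.

const TAIL_CHARS = 5; // how much of a secret stays visible in logs

// Replace a secret with a fixed mask plus its tail; the mask is fixed-length
// so the log line does not reveal how long the real value was.
function maskSecret(value) {
  const s = String(value);
  if (s.length <= TAIL_CHARS) return '***'; // too short to show a tail safely
  return `***${s.slice(-TAIL_CHARS)}`;
}

// Copy an input tree; every leaf found under a `credentials` key is masked,
// everything else is passed through. The original object is never mutated.
function redactInput(input, underCredentials = false) {
  if (Array.isArray(input)) {
    return input.map((item) => redactInput(item, underCredentials));
  }
  if (input !== null && typeof input === 'object') {
    const out = {};
    for (const [key, value] of Object.entries(input)) {
      out[key] = redactInput(value, underCredentials || key === 'credentials');
    }
    return out;
  }
  return underCredentials ? maskSecret(input) : input;
}

// What a service calls instead of logging `args` directly; returns the
// redacted copy so callers (and tests) can inspect exactly what was logged.
function logInput(label, input, logger = console) {
  const safe = redactInput(input);
  logger.log(`${label}: ${JSON.stringify(safe)}`);
  return safe;
}

// Apollo Server plugin that logs redacted variables once per operation, so
// individual resolvers never need to log raw input themselves (assumed wiring).
const redactedInputLoggingPlugin = {
  requestDidStart() {
    return {
      didResolveOperation(ctx) {
        return logInput(ctx.operationName || 'anonymous', ctx.request.variables || {});
      },
    };
  },
};

// Constructed sample input; the key is a made-up value, not a real credential.
const sampleInput = {
  text: 'map these terms',
  credentials: { apiKey: 'sk-test-0123456789abcdef', region: 'eu-west-1' },
};
```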