Review logs for sensitive information leaks
Categories
(Toolkit :: Password Manager, task, P1)
People
(Reporter: serg, Assigned: issammani)
References
(Blocks 1 open bug)
Attachments
(1 file: text/x-phabricator-request)
Let's take another round of logging review and focus on removing logging of:
- passwords
- tokens
- crypto keys
- user input
- addresses
- credit card details
- visited URLs (debatable, maybe sometimes we need it, but we should strip path and query parameters)
There is rarely a need to log these things, and if there is such a need it should be done locally only. We cannot afford a user posting their log while seeking help and accidentally exposing their sensitive information.
P.S. Also, this is a good chance to remove unnecessary logs if we have any. The less we log the better.
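An added example, not part of the bug report and not Firefox code: one way a log call could be sanitized along the lines of the list above, redacting values by field name and reducing any URL to its origin. The function names, the key-name pattern and the sample record are all assumptions made for illustration.

```javascript
// Added illustration, not Firefox code. All names are hypothetical.

// Constructed key-name pattern mirroring the categories in the description above.
const SENSITIVE_KEYS = /passw(or)?d|token|secret|key|user|input|address|card|cvv/i;

// Anything shaped like scheme://... inside a log string.
const URL_IN_TEXT = /\b[a-z][a-z0-9+.-]*:\/\/[^\s"'<>]+/gi;

// Replace each URL in free text with its origin, which drops the path,
// query, fragment and any user:password@ part.
function scrubText(text) {
  return text.replace(URL_IN_TEXT, (match) => {
    try {
      const u = new URL(match);
      // file:, data: and similar schemes have the opaque origin "null".
      return u.origin === "null" ? `${u.protocol}//[redacted]` : u.origin;
    } catch {
      return "[redacted-url]"; // looked like a URL but did not parse
    }
  });
}

// Walk a value about to be logged; `key` is the field name it was stored under.
function sanitizeForLog(value, key = "") {
  if (SENSITIVE_KEYS.test(key)) return "[redacted]";
  if (typeof value === "string") return scrubText(value);
  if (Array.isArray(value)) return value.map((v) => sanitizeForLog(v, key));
  if (value && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, sanitizeForLog(v, k)])
    );
  }
  return value; // numbers, booleans, null, undefined pass through
}

// Constructed sample record.
const sample = {
  msg: "Form submitted on https://accounts.example.com/login?next=/inbox&user=alice#top",
  formActionOrigin: "https://user:pw@example.com:8443/path",
  sessionToken: "abc123",
  password: "hunter2",
  logins: [{ username: "alice", timesUsed: 3 }],
  count: 2,
};
console.log(JSON.stringify(sanitizeForLog(sample), null, 2));
```

Matching on field names over-redacts by design; a free-text string that embeds a password without a URL or a sensitive key would still pass through, so call sites still need review.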
Comment 3•2 years ago
Backed out changeset 92e6d5d2672d (Bug 1774244) for causing bc failures on browser_username_select_dialog.js.
Backout link
Push with failures
Failure Log
Comment 5•2 years ago (Assignee)
(In reply to Marian-Vasile Laza from comment #3)
> Backed out changeset 92e6d5d2672d (Bug 1774244) for causing bc failures on browser_username_select_dialog.js.
> Backout link
> Push with failures
> Failure Log
It should be good now :)
Comment 6•2 years ago
bugherder