Skip to content
This repository has been archived by the owner on Mar 2, 2024. It is now read-only.

Access token included in log output #128

Open
tohojo opened this issue Jan 28, 2021 · 3 comments
Open

Access token included in log output #128

tohojo opened this issue Jan 28, 2021 · 3 comments

Comments

@tohojo
Copy link

tohojo commented Jan 28, 2021

The hs_token is printed in the log output, which makes me a bit twitchy:

Jan 28 08:00:58 matrix python[470268]: [2021-01-28 08:00:58,639] [INFO@aiohttp.access] ::1 [28/Jan/2021:08:00:58 +0000] "PUT /transactions/205065?access_token=1DtE_MgG8KtnYX_XXXXXXXXXXX HTTP/1.1" 200 158 "-" "Synapse/1.25.0"

Could this maybe be blocked out when logging?
@tulir
Copy link
Member

tulir commented Jan 28, 2021

Spec issue (matrix-org/matrix-spec-proposals#2832), probably won't fix here

@tohojo
Copy link
Author

tohojo commented Jan 28, 2021

Ah, so this is a log of the requests coming from the homeserver? Fair enough, will keep an eye on that spec PR, thanks!

@JuniorJPDJ
Copy link

Ah, so this is a log of the requests coming from the homeserver? Fair enough, will keep an eye on that spec PR, thanks!

No it's not, but it should be fixed in spec to use header, not URL param

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tohojo @tulir @JuniorJPDJ