• Bug 1570221 Don't print parameter values to logs when in production mode · 9a297249
    Aaron Wells authored
    The best way to prevent sensitive data from being printed to the logs
    is to avoid printing the value of *any* parameter. For instance, a
    password parameter may have an unusual name, or it may be passed
    through a general-purpose function like "strlen()".
    
    Since parameter values are useful for debugging, we can still print
    them when not in production mode (although with known password
    params still scrubbed out).
    
    Note this patch both scrubs likely password params, and hides their
    scrubbed value. That's mostly because I'm lazy, but it also obscures
    the password's actual length.
    
    Change-Id: I4a1ab4c89a169c6b29a7b63384c2412cee761ab7
    behatnotneeded: Can't test with behat
init.php 16.6 KB
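
The policy the commit message describes, as an added PHP example; it is not the code from this commit or from init.php. The function names, the name-matching pattern and the `[hidden]` marker are assumptions made for illustration.

```php
<?php
// Added example: names, pattern and marker are assumptions, not from init.php.
const SENSITIVE_PARAM = '/pass|pwd|secret|token/i'; // assumed name heuristic

// Map a frame's positional args to declared parameter names via reflection.
function param_names(array $frame): array {
    try {
        $ref = isset($frame['class'])
            ? new ReflectionMethod($frame['class'], $frame['function'])
            : new ReflectionFunction($frame['function']);
    } catch (ReflectionException $e) {
        return []; // closures, includes: no declared names to match
    }
    return array_map(fn($p) => $p->getName(), $ref->getParameters());
}

function render_frame(array $frame, bool $production): string {
    $call = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
    if ($production) {
        return $call . '()'; // production: no argument value is ever printed
    }
    $names = param_names($frame);
    $out = [];
    foreach ($frame['args'] ?? [] as $i => $arg) {
        $name = $names[$i] ?? null;
        if ($name !== null && preg_match(SENSITIVE_PARAM, $name)) {
            $out[] = '$' . $name . '=[hidden]'; // fixed marker, no length leak
        } else {
            $out[] = is_scalar($arg) ? var_export($arg, true) : gettype($arg);
        }
    }
    return $call . '(' . implode(', ', $out) . ')';
}

function check_login(string $username, string $password): array {
    return debug_backtrace(); // frame 0 is this call, with its arguments
}

$pw = 'constructed-sample-pw'; // constructed sample value
$frame = check_login('alice', $pw)[0];
echo render_frame($frame, true), "\n";  // production rendering
echo render_frame($frame, false), "\n"; // debug rendering, password scrubbed
// The name heuristic cannot catch the same value passed to a generically
// named parameter, which is why production mode prints no values at all.
```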