
Access token included in log output

Open tohojo opened this issue 4 years ago • 3 comments

The hs_token is printed in the log output, which makes me a bit twitchy:

Jan 28 08:00:58 matrix python[470268]: [2021-01-28 08:00:58,639] [[email protected]] ::1 [28/Jan/2021:08:00:58 +0000] "PUT /transactions/205065?access_token=1DtE_MgG8KtnYX_XXXXXXXXXXX HTTP/1.1" 200 158 "-" "Synapse/1.25.0"

Could this maybe be blocked out when logging?

tohojo avatar Jan 28 '21 08:01 tohojo

Spec issue (matrix-org/matrix-doc#2832), probably won't fix here

tulir avatar Jan 28 '21 09:01 tulir

Ah, so this is a log of the requests coming from the homeserver? Fair enough, will keep an eye on that spec PR, thanks!

tohojo avatar Jan 28 '21 10:01 tohojo

> Ah, so this is a log of the requests coming from the homeserver? Fair enough, will keep an eye on that spec PR, thanks!

No it's not, but it should be fixed in spec to use header, not URL param

JuniorJPDJ avatar Jan 29 '21 02:01 JuniorJPDJ
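One way to mask the token at the logging layer, as the issue asks; this is an added example, not code from the project or from anyone in this thread. The logger name `example.access`, the `<redacted>` marker and the sample token are assumptions made for illustration.

```python
import io
import logging
import re

# Value of an access_token query parameter, up to the next '&', quote or whitespace.
_TOKEN_RE = re.compile(r"([?&]access_token=)[^&\s\"']+", re.IGNORECASE)
REDACTED = "<redacted>"


def redact_tokens(text: str) -> str:
    """Replace every access_token query value in text with a fixed marker."""
    return _TOKEN_RE.sub(lambda m: m.group(1) + REDACTED, text)


class TokenRedactingFilter(logging.Filter):
    """Scrub tokens from the fully rendered message before a handler emits it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first so a token passed as a format argument is covered.
        record.msg = redact_tokens(record.getMessage())
        record.args = None
        return True


def demo() -> str:
    """Log one constructed access-log line through the filter and return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attach to the handler, not a logger: logger-level filters are skipped for
    # records that propagate up from child loggers.
    handler.addFilter(TokenRedactingFilter())
    log = logging.getLogger("example.access")  # hypothetical logger name
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.propagate = False
    # Constructed sample modelled on the line in the issue; the token is made up.
    log.info('::1 "PUT %s HTTP/1.1" 200 158 "-" "Synapse/1.25.0"',
             "/transactions/205065?access_token=CONSTRUCTED_TOKEN_123&ts=1")
    log.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

The filter only covers log output produced by the process it is installed in; a reverse proxy or other component in front of it that logs request URLs needs its own masking for as long as the token travels in the query string.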