telegram icon indicating copy to clipboard operation
telegram copied to clipboard
verified publisher icon mautrix

Hide homeserver token from aiohttp logs

Open pacien opened this issue 6 years ago • 3 comments

By default, the aiohttp logger is set to the INFO level, which causes all HTTP requests to be logged with the appservice's token in them. This might be a security issue.

For reference, Synapse redacts all tokens when logging requests.

pacien avatar Aug 05 '19 13:08 pacien

Related to #321

tulir avatar Aug 06 '19 10:08 tulir

An easy workaround could be to set this logger's level to WARNING by default instead.

https://github.com/tulir/mautrix-telegram/blob/281f7203dc6eec8be9e6489a8bf29ad7e850f07d/example-config.yaml#L345-L346

pacien avatar Aug 06 '19 11:08 pacien

This should be fixed on the server side (matrix-org/matrix-doc#2832)

tulir avatar Nov 17 '20 16:11 tulir