tracy Password is readable from container, but not from parameter

Password is readable from container, but not from parameter

Open janbarasek opened this issue 5 years ago • 4 comments

Version: 2.7.5

Bug Description

In case of generated Nette Container with password in service (Nette Context) I can read password from source code but I think this password should be hidden (like in parameters):

Snímek obrazovky 2020-07-01 v 15 54 37

Steps To Reproduce

See your callstack to Nette Context.

Expected Behavior

String parameter with can be hidden in source code.

Possible Solution

I think it can be solved by replacing string '<password>' or "<password>" with real password from parameter.

I can send PR if this suggestion make sense.

Thanks.

Jul 01 '20 14:07 janbarasek

Ok, try to send PR.

Jul 13 '20 12:07 dg

I think instead of this:

Snímek obrazovky 2020-07-14 v 9 42 51

Tracy can support comment annotation for ignoring password part:

Snímek obrazovky 2020-07-14 v 9 44 31

What do you think about?

Jul 14 '20 07:07 janbarasek

I guess that's the way to do it.

Jul 14 '20 09:07 dg

Please consider extensions from user-land.

Jul 14 '20 10:07 f3l1x

tracy tracy copied to clipboard

Password is readable from container, but not from parameter

Bug Description

Steps To Reproduce

Expected Behavior

Possible Solution

tracy
tracy copied to clipboard