Stop Logging the Request Parameters of DSS Operation in case of error scenario #3123

Closed
veneerac opened this issue Aug 28, 2023 · 1 comment

Comments

@veneerac

Problem

If an error occurs in the Nested Exception DSS use case, the added parameters, their values, and the payload are printed to the logs. This is a security concern, as it could expose sensitive information such as passwords and usernames. Additionally, if the payload is large, it can also be a performance issue. Masking the sensitive data in the logs is not a solution for this, when payloads are large and dynamic.

Screenshot from 2023-08-23 17-39-36

Refined Steps to Reproduce the Issue:

  1. Setting up the Data Service:
    Begin by creating a data service utilizing a sample database. You can follow the documentation [1] to access and comprehend the sample data service provided. This service will serve as the context for reproducing the issue.

  2. Triggering the Data Service with an Invalid Payload:
    Next, intentionally invoke the data service using an invalid payload.

[1] Reference the provided documentation for guidance on creating and using the sample data service.

[1] https://ei.docs.wso2.com/en/latest/micro-integrator/use-cases/examples/data_integration/rdbms-data-service/

Solution

Introduce the property to disable logging params

Affected Component

MI

Version

EI 6.x.x and MI

Implementation

No response

Related Issues

No response

Suggested Labels

No response
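
A sketch of the kind of switch the issue asks for, added here as an illustration and not taken from WSO2 MI or from the fix referenced in this thread. The class, the method and the property name `example.dss.logRequestParams` are hypothetical, and the sample request is constructed. With the switch off, the message carries only the parameter count and the types of the nested exceptions, since a nested message can echo the payload.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; class, method and property names are hypothetical, not WSO2 MI code.
public class FaultMessageDemo {

    // Hypothetical switch; the property introduced by the actual fix is not named on this page.
    static final String LOG_PARAMS_PROPERTY = "example.dss.logRequestParams";

    static String buildFaultMessage(String operation, Map<String, String> params,
                                    Throwable cause, boolean logParams) {
        StringBuilder sb = new StringBuilder("Data service fault in operation '")
                .append(operation).append("'");
        if (logParams) {
            // Behaviour the issue describes: parameter names and values reach the log.
            sb.append(", params: ").append(params);
        } else {
            // Keep only the count, so a large payload adds nothing to the log line.
            sb.append(", params: ").append(params.size()).append(" (values omitted)");
        }
        // Walk the nested exceptions. A nested message may echo the payload,
        // so with logging disabled only the exception type is recorded.
        for (Throwable t = cause; t != null; t = t.getCause()) {
            sb.append(System.lineSeparator()).append("  nested: ").append(t.getClass().getName());
            if (logParams && t.getMessage() != null) {
                sb.append(": ").append(t.getMessage());
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample request, not taken from the issue.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("username", "alice");
        params.put("password", "constructed-secret");
        Throwable cause = new IllegalStateException("request failed",
                new IllegalArgumentException("invalid value for password: constructed-secret"));

        boolean logParams = Boolean.getBoolean(LOG_PARAMS_PROPERTY); // false unless set to "true"
        String message = buildFaultMessage("addUser", params, cause, logParams);
        System.out.println(message);
        if (!logParams && message.contains("constructed-secret")) {
            throw new AssertionError("parameter value leaked into the log message");
        }
    }
}
```

Running it with `-Dexample.dss.logRequestParams=true` prints the parameter map and the nested messages, which makes the difference between the two modes visible side by side.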

@GDLMadushanka
Contributor

Fixed by #2956

@dulanjalidilmi dulanjalidilmi transferred this issue from wso2/api-manager Feb 20, 2024
@dulanjalidilmi dulanjalidilmi added this to the 4.3.0-M1 milestone Feb 20, 2024