Remove logging of collector payloads #522
Comments
|
This issue was spotted during an investigation of CVE-2021-44228. But to be clear, this is not supposed to be our primary safeguard against that CVE. Rather, it's just something we should do anyway. More details about CVE-2021-44228 impact on Snowplow apps on Discourse |
istreeter
added a commit
that referenced
this issue
Mar 25, 2022
istreeter
added a commit
that referenced
this issue
Mar 25, 2022
istreeter
added a commit
that referenced
this issue
Mar 26, 2022
istreeter
added a commit
that referenced
this issue
Mar 26, 2022
istreeter
added a commit
that referenced
this issue
Mar 28, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are three places in the code base where we potentially log event-level data: here in beam enrich, here in stream enrich and here in enrich-pubsub. That last one is a debug level, which is probably OK.
From a data governance point of view, logs are much more difficult to manage if they potentially contain customer data.
The text was updated successfully, but these errors were encountered: