Do Not Log Sensitive Information

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Do not log sensitive user or application data to your log files. Permissions on log files are often different from the permissions on sensitive data in your data store and on the operations that access it. Sensitive data in your logs could allow users to gain access to information that they would not otherwise have access to.

Sensitive data includes, but is not limited to:
  • Personally identifiable information. Information that either contains personally identifiable information or can be used to derive personally identifiable information that should not be shared with users. This can include credit card numbers or social security numbers.
  • User sensitive information. Information that a user provides that they would not want shared with other users of the application. This can include user credentials, preferences or application usage information.
  • Application sensitive information. Information that comes from a trusted source that is not designed to be shared with users. This can include connection strings and service account credentials.
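
The following is an added example, not code from the original page: a Python `logging` filter that masks the kinds of values listed above (card numbers, social security numbers, credentials in connection strings) before a handler writes them. The patterns, the `payments` logger name and all sample values are constructed assumptions for illustration.

```python
import logging
import re

# Constructed patterns for the categories listed above; not exhaustive.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SECRET_RE = re.compile(r"(?i)\b(password|pwd|secret|token)(\s*[=:]\s*)([^;\s,]+)")

def _luhn_ok(digits: str) -> bool:
    """Luhn checksum, so other long numbers (order ids) are not masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_card(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group())
    return "[REDACTED-CARD]" if _luhn_ok(digits) else match.group()

def redact(text: str) -> str:
    """Return text with credential values, SSNs and card numbers masked."""
    text = SECRET_RE.sub(r"\1\2[REDACTED]", text)
    text = SSN_RE.sub("[REDACTED-SSN]", text)
    return CARD_RE.sub(_mask_card, text)

class RedactingFilter(logging.Filter):
    """Scrub the fully formatted message before a handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # arguments are already merged into msg
        return True

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())  # on the handler, so every logger is covered
    logging.basicConfig(level=logging.INFO, handlers=[handler])
    log = logging.getLogger("payments")  # hypothetical logger name
    # Constructed sample values: a test card number and a never-issued SSN.
    log.info("charge failed card=%s ssn=%s", "4111 1111 1111 1111", "000-12-3456")
    log.info("db connect: Server=db1;User Id=svc_app;Password=hunter2;")
    log.info("order 1234567890123456 shipped")  # fails Luhn, left intact
```

Pattern-based masking is a backstop for values that slip through; the primary control remains not passing such data to the logger at all.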

Last edited Jun 12, 2008 at 7:47 PM by prashantbansode, version 1
