
> The developer didn't think about what might be in what they were logging, the package assumed that the developer did, and the result could have been avoided by a more integrated whole

Umm, is there any all-in-one web framework that protects against this to any level of guarantee?

It's been my experience that Rails logging can and will do things like censor password fields when passed objects.

So, yes, it is possible for logging (and serialization) systems to defend against this kind of thing.

In my experience these password logging events tend to be at a lower level than object serialization. They're usually at the raw request level.
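The gap between object-level filtering and raw-request logging discussed in this thread, as an added example that is not part of any comment and is not Rails' own code. The names `SENSITIVE`, `filter_object` and `scrub_raw`, the key pattern and the sample inputs are all hypothetical and constructed for illustration.

```ruby
require "json"

# Hypothetical key pattern and mask; adjust per application.
SENSITIVE = /passw(or)?d|secret|token/i
MASK = "[FILTERED]"

# Constructed sample inputs: the same login as parsed params and as raw bodies.
PARAMS   = { "user" => { "name" => "alice", "password" => "hunter2" } }
RAW_FORM = "user%5Bname%5D=alice&user%5Bpassword%5D=hunter2"
RAW_JSON = '{"user":{"name":"alice","password":"hunter2"}}'

# Object-level filter: walks hashes and arrays and masks values by key name.
# A raw String has no keys to inspect, so it passes through unchanged.
def filter_object(value)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = k.to_s.match?(SENSITIVE) ? MASK : filter_object(v)
    end
  when Array then value.map { |v| filter_object(v) }
  else value
  end
end

# Raw-level scrubber: only logs a body it can parse for the declared content
# type, and omits the body entirely otherwise (fails closed).
def scrub_raw(body, content_type)
  case content_type
  when %r{\Aapplication/json}
    JSON.generate(filter_object(JSON.parse(body)))
  when %r{\Aapplication/x-www-form-urlencoded}
    body.split("&").map do |pair|
      key, val = pair.split("=", 2)
      val && key.match?(SENSITIVE) ? "#{key}=#{MASK}" : pair
    end.join("&")
  else
    "[BODY OMITTED: #{body.bytesize} bytes]"
  end
rescue JSON::ParserError
  "[BODY OMITTED: #{body.bytesize} bytes]"
end

if __FILE__ == $PROGRAM_NAME
  puts filter_object(PARAMS).inspect
  puts filter_object(RAW_FORM) # unchanged: the object filter cannot see inside a raw string
  puts scrub_raw(RAW_FORM, "application/x-www-form-urlencoded")
end
```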
