
In the context of production, why would you need to log anything other than X-Forwarded-For/X-Real-IP, timestamp, and the endpoint that was hit?


Remember that the context is a bug.

So sure you don't want to log everything in Prod, but maybe you do in Dev. In that case, a bug would be to push the dev logging configuration to Prod. Oops.

If you have the clear text password at any point in your codebase, then there is no foolproof way to prevent logging it unintentionally as the result of a bug. You just have to be extra careful (code review, minimal amount of code manipulating it, prod-like testing environment with log scanner, ...)


Because when fatal exceptions happen you want to know what the request was. It helps debug what went wrong.
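Added example, not part of any comment in this thread: a sketch of the two controls the replies touch on, keeping the request in the fatal-error log while masking credential fields, and a test-environment log scanner that looks for a canary password. The field names, the canary value and the helper names are assumptions made for the illustration.

```python
import io
import logging

SENSITIVE_KEYS = {"password", "passwd", "token", "authorization"}  # assumed field names
CANARY = "canary-Pw-7f3a91"  # constructed test-only password, never a real credential

def redact(value):
    """Return a copy of a request structure with sensitive fields masked."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    return value

class RedactingFilter(logging.Filter):
    """Mask structured log arguments before the record is formatted."""
    def filter(self, record):
        if isinstance(record.args, dict):      # logging unwraps a single dict argument
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True

def capture_failed_login(use_filter):
    """Simulate a fatal error during a login request; return the log text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if use_filter:
        handler.addFilter(RedactingFilter())
    log = logging.getLogger(f"demo.{'filtered' if use_filter else 'raw'}")
    log.addHandler(handler)
    log.propagate = False
    request = {"path": "/login", "body": {"user": "alice", "password": CANARY}}
    try:
        raise RuntimeError("db timeout")
    except RuntimeError:
        log.exception("fatal error handling request %s", request)
    log.removeHandler(handler)
    return stream.getvalue()

def scan_for_canary(log_text):
    """Log scanner for a prod-like test run: lines that leak the canary."""
    return [line for line in log_text.splitlines() if CANARY in line]

if __name__ == "__main__":
    print("unfiltered leaks:", scan_for_canary(capture_failed_login(False)))
    print("filtered leaks:  ", scan_for_canary(capture_failed_login(True)))
```

The filter only sees structured arguments; a password already interpolated into a string passes through it, which is the case the canary scan over the test environment's logs is there to catch.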



