Comments (8)
Looked at the repo. It's a bad idea to be adding passwords to an exception, so I would simply not do that instead of using that library.
I think rather than deciding to support Destructurama, we should perhaps think about adding some extensibility that allows you to decide whether you want to log a property or not e.g.
bool CanLogProperty(Type type, string propertyName);
But not sure if this is useful, you are the first person to ask for a feature like this and like I say, adding secrets to exceptions is a bad idea.
from serilog.exceptions.
Fair point to argument.
In my case it is not about secrets, but about having Personally Identifiable Information (PII) data on custom exceptions.
For example, an exception that captures a request which posted PII data.
from serilog.exceptions.
Would it be possible to remove that data from the exceptions in the first place?
from serilog.exceptions.
Yes it is, but it'll be nicer to have the whole logging pipeline respecting the current applied enrichers.
from serilog.exceptions.
Thoughts @krajek?
from serilog.exceptions.
I agree @RehanSaeed.
The problem seems to be out of the domain of the library.
I do not know the details, so I may miss something, but it seems that exception should only contain some identifier (GUID for example) that would allow an authorized actor to reach for PII if necessary (debugging or audit purposes), secured by proper authorization.
@luizbon Alternatively, you could write your own destructurer for particular exception types. Maybe that's viable in your case.
from serilog.exceptions.
Fair enough, the downside of using identifiers is that it's required to have code to load the data on the exception handler that needs the data. But it is understandable to have it.
My suggestion was related to the library respecting the current enrichers configured on the Serilog pipeline when destructuring the exception. I probably wasn't clear about this when I opened the issue.
I'll close this issue as it's not relevant to the library.
Thanks
from serilog.exceptions.
Hi, would you be open to reconsidering this?
We use destructurama extensively in our system and recently added Serilog.Exceptions to our Serilog configuration.
To our surprise, unlike other libraries that plug into Serilog, this one doesn't respect destructurama attributes, so we are suddenly logging PII that we use as part of the exception flow, but that we were filtering out / masking using destructurama.
As an example, we have a phone number field in an exception, we mask it in the logs because it's PII. However, we are still interested in logging whether it was a null value, whether the length of the string was valid, or whether it's using a country prefix that we don't support.
Until now we only needed to add [LogMasked] to the property, and we knew that any serialization to logs would be masked properly.
from serilog.exceptions.
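One way to apply the custom-destructurer suggestion made earlier in the thread to the phone-number case in the last comment: log whether the value is null, its length and its prefix, plus a masked value, and never the raw number. This is an added example, not code from the thread or from the Serilog.Exceptions project; `PhoneValidationException`, its destructurer and the property names are hypothetical, and the `Destructure` signature is assumed to match recent Serilog.Exceptions releases (requires the Serilog.Exceptions and Serilog.Sinks.Console packages).

```csharp
using System;
using System.Collections.Generic;
using Serilog;
using Serilog.Exceptions;
using Serilog.Exceptions.Core;
using Serilog.Exceptions.Destructurers;

Log.Logger = new LoggerConfiguration()
    .Enrich.WithExceptionDetails(new DestructuringOptionsBuilder()
        .WithDefaultDestructurers()
        .WithDestructurers(new[] { new PhoneValidationExceptionDestructurer() }))
    .WriteTo.Console(outputTemplate: "{Message:lj} {Properties:j}{NewLine}")
    .CreateLogger();

// Constructed sample value, not a real phone number.
Log.Error(new PhoneValidationException("Unsupported prefix", "+99 555 0100"), "Validation failed");
Log.CloseAndFlush();

// Hypothetical exception type that carries PII in a custom property.
public class PhoneValidationException : Exception
{
    public PhoneValidationException(string message, string? phoneNumber) : base(message)
        => PhoneNumber = phoneNumber;
    public string? PhoneNumber { get; }
}

// Replaces reflection-based destructuring for this one exception type,
// so only the properties added below reach the log.
public class PhoneValidationExceptionDestructurer : ExceptionDestructurer
{
    public override Type[] TargetTypes => new[] { typeof(PhoneValidationException) };

    public override void Destructure(
        Exception exception,
        IExceptionPropertiesBag propertiesBag,
        Func<Exception, IReadOnlyDictionary<string, object?>?> destructureException)
    {
        // Adds the standard Exception members (Type, Message, StackTrace, ...).
        // Message is logged as-is, so it must not contain the number itself.
        base.Destructure(exception, propertiesBag, destructureException);

        var phone = ((PhoneValidationException)exception).PhoneNumber;
        propertiesBag.AddProperty("PhoneNumberIsNull", phone is null);
        if (phone is null) return;
        propertiesBag.AddProperty("PhoneNumberLength", phone.Length);
        // "+" and two digits is a simplification; real country codes are 1-3 digits.
        propertiesBag.AddProperty("PhoneNumberPrefix",
            phone.StartsWith("+") && phone.Length >= 3 ? phone.Substring(0, 3) : "(none)");
        propertiesBag.AddProperty("PhoneNumber", new string('*', phone.Length));
    }
}
```

Because the destructurer is registered for the exact exception type, every PII-carrying exception type needs its own entry in `TargetTypes` or its own destructurer; types that are not listed still go through the default reflection-based path.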
Related Issues (20)
- [Docs] Destructurer via json HOT 3
- Add configuration example to readme HOT 1
- Separated Column or Porperty for exception stacktrace HOT 2
- Exception with redefined property(new modifier) stops enrichment altogether HOT 13
- Dependency Dashboard
- Not showing Exception stack trace in "Exception" field of the log HOT 13
- Add destructurer for Refit ApiException HOT 4
- Filtering out any property from a direct property of ExceptionDetails HOT 3
- Create Custom Destructurers for More Exceptions HOT 7
- mapper [NpgsqlValue] cannot be changed from type [date] to [ObjectMapper] HOT 3
- EF6 - protection against logging entire db. HOT 1
- Entity Framework Logging Behaviour HOT 2
- Exceptions with large properties HOT 3
- Same Key Added Exception in ExceptionPropertiesBag HOT 5
- [TaskCanceledExceptionDestructurer] Destructured object type inconsistent HOT 1
- Maximum destructuring depth reached. HOT 3
- Demystified exception stack trace support HOT 1
- Serilog.Exceptions.EntityFrameworkCore docs warning unclear HOT 1
- Request that Serilog.Exceptions.EntityFrameworkCore description also includes Serilog appsetting.json example HOT 1
- FOSSA Compliance tool license missing for v4.1.0 HOT 1