[interchange-bugs] [rt.icdevgroup.org #314] Avoid logging of sensitive information in SagePay payment module
Stefan Hornburg via RT
interchange at rt.icdevgroup.org
Thu Sep 10 09:18:52 UTC 2009
Thu Sep 10 09:18:52 2009: Request 314 was acted upon.
Transaction: Ticket created by racke
Queue: Interchange
Subject: Avoid logging of sensitive information in SagePay payment module
Owner: lynstgeorge
Requestors: racke at linuxia.de
Status: new
Ticket <URL: http://rt.icdevgroup.org/Ticket/Display.html?id=314 >
In this loop we are writing sensitive information to the disk:
foreach my $key (sort keys(%query)) {
::logDebug("Query to SagePay: \"$key=$query{$key}\""); # nicely readable version of the string sent
push @query, "$key=$query{$key}";
}
Please disable the logging or even better weed out / obfuscate the
sensitive information.
Regards
Racke
More information about the interchange-bugs
mailing list