
Keeping secrets out of logs (2024)


There's no silver bullet, but if we put some "lead" bullets in the right places, we have a good shot at keeping sensitive data out of logs.

I completely made up this phrase, but the idea is that secrets are coupled to, embedded into, and baked into more general formats like URLs or remote procedure calls. I think a better alternative to a global sample rate is to aggregate logs by some heuristic like type or origin, and to ensure you hit some minimum threshold. I highly recommend going through an exercise like this, because not only does it force you to understand the flows and boundaries of the system, if you spend time at each node and threat model it, you end up finding a bunch of unexpected ways and places that secrets make it into logs.
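The per-type sampling idea above, as an added example that is not code from the original post: it samples log records per type with a minimum count per type, then checks the sampled URLs for secret-bearing query parameters. It assumes the sample is used to review logs for secrets; the record fields (`type`, `url`), the `SENSITIVE_PARAMS` list, and the log lines are constructed for illustration.

```python
import random
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed names of query parameters that carry secrets (illustrative list).
SENSITIVE_PARAMS = {"token", "code", "api_key", "password"}

def sample_by_type(records, one_in, minimum, seed=0):
    """Sample 1-in-`one_in` records per type, but never fewer than `minimum`
    (or the whole group when it is smaller than that)."""
    rng = random.Random(seed)
    groups = defaultdict(list)
    for rec in records:
        groups[rec["type"]].append(rec)
    sampled = {}
    for log_type, items in groups.items():
        by_rate = -(-len(items) // one_in)  # integer ceiling of len / one_in
        want = min(len(items), max(minimum, by_rate))
        sampled[log_type] = rng.sample(items, want)
    return sampled

def find_url_secrets(sampled):
    """Return {log_type: sorted sensitive parameter names seen in sampled URLs}."""
    findings = {}
    for log_type, items in sampled.items():
        names = set()
        for rec in items:
            for name, _ in parse_qsl(urlsplit(rec["url"]).query):
                if name.lower() in SENSITIVE_PARAMS:
                    names.add(name.lower())
        if names:
            findings[log_type] = sorted(names)
    return findings

def constructed_records():
    """Constructed sample: a noisy type plus a rare type whose URLs embed a secret."""
    common = [{"type": "http_request", "url": f"https://app.example/items?page={i}"}
              for i in range(1000)]
    rare = [{"type": "oauth_callback",
             "url": f"https://app.example/cb?code=PLACEHOLDER{i}&state=x"}
            for i in range(3)]
    return common + rare

if __name__ == "__main__":
    sampled = sample_by_type(constructed_records(), one_in=100, minimum=5)
    print({t: len(v) for t, v in sampled.items()})
    print(find_url_secrets(sampled))
```

A single global 1-in-100 rate over these 1003 records would draw about ten records in total and could easily contain none of the three `oauth_callback` lines; the per-type minimum guarantees they are all reviewed.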
