Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-1424

Inform users that mongodb.debug output contains sensitive information

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.7.0
    • Affects Version/s: None
    • Component/s: Docs
    • None

      https://www.php.net/manual/en/mongodb.configuration.php should caution users that the debug logs include the original connection string and Manager constructor options, which can reveal the URI password and/or client certificate password. We can consider sanitizing those values PHPC-1425, but for now we should alert users to this so they can sanitize it themselves before sharing logs in a public forum.

      That said, we should still advise users that these logs may reveal other sensitive information from their application by way of dumping raw socket data. This includes, but is not limited to, inserted and queried documents.

            Assignee:
            andreas.braun@mongodb.com Andreas Braun
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: