https://www.php.net/manual/en/mongodb.configuration.php should caution users that the debug logs include the original connection string and Manager constructor options, which can reveal the URI password and/or client certificate password. We can consider sanitizing those values (PHPC-1425), but for now we should alert users to this so they can sanitize it themselves before sharing logs in a public forum.
That said, we should still advise users that these logs may reveal other sensitive information from their application by way of dumping raw socket data. This includes, but is not limited to, inserted and queried documents.
- is related to PHPC-1425 Sanitize URI and certificate passwords in debug logs (Blocked)
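
One way to scrub the connection-string and constructor-option passwords from a debug log before sharing it, as an added example that is not part of the original ticket or the driver's code. The sample log lines and the quoted key/value shapes are constructed assumptions, not the driver's actual log format, and the script does nothing about documents exposed through raw socket data.

```python
import re
import sys

REDACTED = "<redacted>"
# Option names that hold a secret (URI option names are case-insensitive).
SECRET_KEYS = "|".join(("password", "tlsCertificateKeyFilePassword",
                        "sslClientCertificateKeyPassword", "pem_pwd"))

# mongodb://user:SECRET@host and mongodb+srv://user:SECRET@host
URI_USERINFO = re.compile(r"(mongodb(?:\+srv)?://[^:@/\s'\"]+:)[^@/\s'\"]+(?=@)")
# key=SECRET inside a URI query string
URI_OPTION = re.compile(r"(?i)\b(" + SECRET_KEYS + r")=[^&\s'\"]+")
# Quoted key then quoted SECRET, e.g. "password": "x" or 'pem_pwd' => 'x'
# (assumed shapes for dumped constructor options).
DUMPED_OPTION = re.compile(
    r"(?i)(['\"](?:" + SECRET_KEYS + r")['\"]\s*(?:=>|:)\s*)(['\"]).*?\2")

# Constructed sample input; not the driver's real log format.
SAMPLE_LOG = (
    "[constructed] Connection string: 'mongodb://appuser:s3cr3t%21@db.example.test"
    ":27017/?tlsCertificateKeyFilePassword=pempass&replicaSet=rs0'\n"
    '[constructed] Options: {"username": "appuser", "password": "s3cr3t!", '
    '"pem_pwd": "pempass"}\n'
    "[constructed] Connecting to db.example.test:27017\n"
)


def sanitize_line(line):
    """Return the line with URI and option passwords replaced."""
    line = URI_USERINFO.sub(lambda m: m.group(1) + REDACTED, line)
    line = URI_OPTION.sub(lambda m: m.group(1) + "=" + REDACTED, line)
    return DUMPED_OPTION.sub(
        lambda m: m.group(1) + m.group(2) + REDACTED + m.group(2), line)


def sanitize_log(text):
    """Sanitize a whole log; return (clean_text, number_of_lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines(keepends=True):
        clean = sanitize_line(line)
        changed += clean != line
        out.append(clean)
    return "".join(out), changed


if __name__ == "__main__":
    # With a path argument, sanitize that file; otherwise run on the sample.
    source = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_LOG
    clean, changed = sanitize_log(source)
    sys.stdout.write(clean)
    print(f"{changed} line(s) redacted", file=sys.stderr)
```

Review the output by hand before posting it: a secret that appears in a shape these patterns do not cover passes through unchanged.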