Security Enhancement: Action Input Redaction from Logs

The Bubble server logs are enormously useful in diagnosing errors and bugs in apps. However, because the logs record the full input to server-side actions, this represents a privacy and security vulnerability, particularly if the development environment is ever breached, or if an aggrieved Bubble staff member maliciously violates their terms of employment. (I only bring it up because I have seen it happen in organisations I have worked for. Bubble staff for their part have been fantastic, shout out to @malcolm!)

To mitigate this threat vector, it would be helpful if a "Redact when..." conditional was available on every server-side action. When the Bubble expression in the conditional evaluates to yes, the action’s data would be redacted from the log of the action’s call.

6 Likes

This is a great idea. Redact when “is not test version” for example.

1 Like
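
Added example, not part of the thread and not Bubble's code: a sketch of how a per-action "Redact when..." conditional, such as the "is not test version" condition suggested in the reply, could gate what reaches the log. Every name here (`buildLogEntry`, `redactWhen`, the `context.version` field, the sample action and inputs) is a hypothetical assumption for illustration.

```javascript
// Hypothetical sketch of conditional log redaction; not Bubble's implementation.
const REDACTED = "[REDACTED]";

// Build the log entry for one server-side action call.
// action.redactWhen is the assumed "Redact when..." conditional: a predicate
// evaluated against the run context before anything is written to the log.
function buildLogEntry(action, inputs, context) {
  let redact = false; // no conditional configured: log the inputs in full
  if (typeof action.redactWhen === "function") {
    try {
      redact = Boolean(action.redactWhen(context));
    } catch (err) {
      // Fail closed: if the conditional itself errors, keep the inputs out of the log.
      redact = true;
    }
  }
  const loggedInputs = {};
  for (const key of Object.keys(inputs)) {
    // Field names are kept so the log still shows which inputs the action
    // received; only the values are replaced.
    loggedInputs[key] = redact ? REDACTED : inputs[key];
  }
  return {
    action: action.name,
    version: context.version,
    redacted: redact,
    inputs: loggedInputs,
  };
}

// Constructed sample action using the condition from the reply:
// redact whenever the app is not running in the test version.
const chargeCard = {
  name: "Charge card",
  redactWhen: (context) => context.version !== "test",
};

// Constructed sample inputs (not real data).
const sampleInputs = { customer_email: "user@example.com", card_number: "4111111111111111" };

function demo() {
  return {
    live: buildLogEntry(chargeCard, sampleInputs, { version: "live" }),
    test: buildLogEntry(chargeCard, sampleInputs, { version: "test" }),
  };
}
```

The decision is made before the entry is built, so unredacted values never reach the log store and do not depend on a later scrubbing pass.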