I’m trying to understand how the Bubble server logs technically work. I.e. where are they stored, who has access etc.
We have tons of workflows where we need to pickup or request tokens etc. We try to do this in the backend so at least secrets will never show in the browser. Nevertheless every API key, access token etc. generated show up in the logs. Even user password are halfway masked.
E.g. username: Michael Jordan pw: Mic******dan (ok exaggerating here but you get the point).
Anyone some info where I can do some additional reading on this (GPT sucks)
We having problems with Server Log today(missing entries). I’m reading every server-log forum entry I can find. Hence me reading yours :-), earlier I saw this comment.
”What is Console Log (Server)? It’s an action from a plugin called **Ultimate Toolkit”
**
I’m not sure if the Ultimate Toolkit is open-source. But at a minimum you can contact the registered creator. They most know how it works if they can add entries to it.
When I look at DPA it could be HoneyComb or Elastic
I’m sure Bubble applies some form of masking on the password parameter at the login process and I guess the privacy settings on API calls also allow data to be masked / not sent to the log but indeed, it would be good to actually understand how this works. I would really appreciate having control over what data shows up in the logs and what data does not.
Just some examples:
* an incomming presigned upload URL (no further authentication needed),
* an incomming access token received after an authorization API post,
* subsequently posting the previous token as a Bearer token under Authorization (so dynamic expression needed) for a PUT file call.
While these are all time bound/short-lived, the client secret living in the database - used for the first step - always appears full, and yes indeed I can also see it in the Bubble app database, (which is already inconvenient as it is) but having the secret travel in text format into other external services
