This screenshot was taken in the server logs screen when troubleshooting my reset password flow. The password that I used was 12345 which is almost entirely shown here.
Screenshot:
The first two and last two characters are shown.
I agree it should probably all be redacted as the first two and last two characters may be all that’s necessary to work out a password.
However, you should also have a password policy defined in your app settings that requires min 8 characters to make this harder.
Yes, it should be possible to specify whether any characters are visible in logs in the settings.
It is not very useful because I do not believe those four characters can be retrieved later. So allowing visibility in the logs can be a security risk, with no benefit (unless I am mistaken) to offset the drawback.
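An added example, not part of the original thread or the platform's own code: it contrasts the partial masking discussed above (first two and last two characters visible) with full redaction applied by a Python `logging` filter. The field names, the `[REDACTED]` marker, the sample payload, and the handling of values of four characters or fewer are assumptions made for illustration.

```python
import json
import logging

# Assumed field names; the thread does not say how the platform names them.
SENSITIVE_KEYS = {"password", "new_password", "token"}

def partial_mask(value, keep=2):
    """Masking as described in the thread: first and last `keep` characters stay visible."""
    middle = max(len(value) - 2 * keep, 0)
    if middle == 0:
        return value  # assumed edge case: a short value is exposed entirely
    return value[:keep] + "*" * middle + value[-keep:]

def hidden_count(value, keep=2):
    """Number of characters the partial mask actually hides."""
    return max(len(value) - 2 * keep, 0)

def redact(obj):
    """Return a copy with sensitive values replaced by a marker that leaks no content or length."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj

class RedactingFilter(logging.Filter):
    """Scrub dict or list payloads before any handler formats them."""
    def filter(self, record):
        if isinstance(record.msg, (dict, list)):
            record.msg = json.dumps(redact(record.msg), sort_keys=True)
        return True

def render(payload):
    """Pass a payload through the filter and return the log line that would be emitted."""
    record = logging.LogRecord("app", logging.INFO, "example.py", 0, payload, None, None)
    RedactingFilter().filter(record)
    return record.getMessage()

# Constructed sample request, using the password quoted in the first post.
SAMPLE = {"endpoint": "/reset_password",
          "input": {"email": "user@example.com", "password": "12345"}}

if __name__ == "__main__":
    print(partial_mask("12345"), "hides", hidden_count("12345"), "of 5 characters")
    print(render(SAMPLE))
```

In a real application the filter would be attached with `logger.addFilter(RedactingFilter())` so that it runs before every handler.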