New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove token_auth from archive.log #5277
Comments
Thanks for the suggestion, I think this makes sense! Maybe we can replace token_auth=XYZ by token_auth=REMOVED |
|
@mnapoli users can configure piwik to log the last maybe it would be fixed with #7301 |
In the link I only see redirecting the output of the command to a file, is that what you mean? We could have a look at passing the token_auth not in the URL maybe? E.g. as a header. The URL parameter could still be used but at least for correct setups the token would be passed as a header and never be logged, either in Piwik's output or also Apache access logs, etc... |
Yes
good idea, I created issue: #7349 @mnapoli is this issue fixed? |
Not totally, see for example https://github.com/piwik/piwik/blob/frontcontroller-refactoring/core/CronArchive.php#L825-833 In most case the archiver will use the logger, so it means the current issue is addressed. But in some cases it does It will be an easy fix, I'm moving it to 2.12. |
👍 |
When an error message is written to the archive.log, the token_auth is also written to the log file. For security reasons, I wish to suppress this information.
The text was updated successfully, but these errors were encountered: