0

I am working on an issue where the password and username are being shown in the log files of an application. Whenever the application does a POST call, the log of the same gets stored in the httpd logs file. But it shows the password in the plain text(see below). Is there any way I can mask the password? Below is the log which I was talking about.

10.181.214.53 - - [22/Nov/2022:16:26:13 +0530] "POST /uaa/oauth/token?grant_type=password&username=223053925&password=Gei321itc HTTP/2.0" 401 62

I tried editing the custom logs file, but was not successful. Can anyone please help me?

Adwet Ojha
  • 1
  • 1
  • Please [don't upload text as image](https://meta.stackoverflow.com/a/285557/13447). Edit your question to contain all the information in text form - consider to use the editor's formatting options. Also see [ask]. Apparently your application sends the password as GET paramater despite POSTing the request. I'd fix that, rather than dealing with it on the server side. – Olaf Kock Nov 22 '22 at 09:16
  • I edited the question as suggested by you. Since I am a beginner in this field, can you please tell me how can I fix it? – Adwet Ojha Nov 22 '22 at 13:04
  • Thank you. I can't tell you how to fix your application: You don't include code. My suggestion is to fix it on that end, rather than on the Apache logging end. – Olaf Kock Nov 22 '22 at 13:47

0 Answers0