When your debugging tool becomes a goldmine for hackers.
Applications generate logs to help developers debug issues. However, if those logs contain Personally Identifiable Information (PII) like passwords, credit card numbers, or session tokens, the logging system itself becomes a massive security vulnerability. Logs are usually stored in plain text, kept for months, and accessible to many employees who wouldn't normally have database access.
Never dump raw request payloads or error tracebacks into logs without sanitization. You should configure your logging library to automatically scrub keys like `password`, `token`, or `card_number` before the log string is ever created.
```python
# VULNERABLE: Dumping the raw request
import logging
from flask import Flask, request

app = Flask(__name__)
logger = logging.getLogger(__name__)

@app.route("/login", methods=["POST"])
def login():
    # DANGER: The user's plaintext password is now in Datadog/Splunk forever.
    logger.info(f"Incoming login request: {request.json}")
    return {"status": "received"}, 200
```

```python
# SECURE: Explicit Logging
# (same imports and app/logger setup as above)
@app.route("/login", methods=["POST"])
def login():
    # Only log exactly what you need.
    logger.info(f"Login attempt for user: {request.json.get('username')}")
    return {"status": "received"}, 200
```
In 2018, Twitter (now X) announced a bug where they were storing passwords in plain text in an internal log. Before completing the hashing process, the code was writing the raw password to a debug log. They had to ask all 330 million users to change their passwords, purely because of a single overzealous `console.log()`.
Why is it a bad idea to send an API Key in the URL, like `GET /api/data?api_key=secret_123`?