Tokens shouldn't be logged
Brought to you by:
three4clavin
Menu
▾
▴
#5 Tokens shouldn't be logged
If logger is passed to ReadApi or WriteApi constructor, for most if not for every call all parameters will be logged at info level, including token parameter. IMO this is a security problem, and if api user would really want to have token in log, that logging could be done before/after calling ReadApi or WriteApi. One solution would be to mask token argument for log output.
Affected version: 2.3
