Username and Password are displayed in logs. How to avoid this.

0
Hi , We are using  REST API to login into an another application and get data from there using  REST API calls only. So we are having custom login page and providing username and password to login to third party application and calling Login API . We have published the app in cloud . Now When we login from cloud app and login to Third party application we could able to see this rest call request with username and password details in the logs ( We have enabled the log level as Info ). How we can avoid to show that Username and password information in the logs. Is there any configuration or logic I should implement.
asked
2 answers
1

Usually any kind of authentication (for instance basic auth) in you CALL REST action shows up as ‘Authentication: (omitted)’ in the logs in case of ERROR or TRACE levels, so I wouldn't know why it would show up in INFO. 

Sounds to me like you're logging the credentials yourself or if you are putting them in JSON/XML you might want to check the loglevels of the JSON and XML Export to see if they are accidentaly put on TRACE.

answered
0

one option is to set the log level to "none". 
If there is an issue with the application in production, having logs that capture the steps leading up to the error can be crucial for troubleshooting and debugging. If the log level is set to "none," there will be no logs available to help identify and resolve the issue.
while setting the log level to "none" may reduce resource usage and improve performance, it comes at the cost of losing valuable information that can be crucial for maintaining the health and security of a production environment. It is generally recommended to set the log level to an appropriate level that balances the need for logging with the need for performance and resource efficiency.

answered