Closed
Bug 1011343
Opened 10 years ago
Closed 10 years ago
sync logs contain FxA email address
Categories
(Firefox :: Sync, defect)
Firefox
Sync
Tracking
()
VERIFIED
FIXED
mozilla32
People
(Reporter: markh, Assigned: Gijs)
Details
(Whiteboard: p=2 s=it-32c-31a-30b.3 [qa+])
Attachments
(1 file)
1.22 KB,
patch
|
markh
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
With the change to FxA, we now log the email address of the user: 1400141271123 Sync.Service INFO Logging in user foo@bar.com (but with the real email address). In the old sync we just logged a hash of the username (the hash is what is stored as the username, so no special action was taken to log the hash). Given this is PII, it seems we should not log this.
Flags: firefox-backlog+
Reporter | ||
Updated•10 years ago
|
Whiteboard: p=2
Comment 1•10 years ago
|
||
Is this a "regression" from bug 1006943 then?
Reporter | ||
Comment 2•10 years ago
|
||
(In reply to :Gavin Sharp (email gavin@gavinsharp.com) from comment #1) > Is this a "regression" from bug 1006943 then? Nope - it's been doing that since FxA landed.
No longer blocks: 1006943
Updated•10 years ago
|
Whiteboard: p=2 → [qa+] p=2
Comment 3•10 years ago
|
||
Since it's not a regression and we're already getting close to the end of Beta for FF30, I'm going to untrack this and let the backlog do it's job. We can look at a nomination for uplift when ready and make the decision then for how high to take it at that time based on where we're at in the cycle.
Updated•10 years ago
|
Whiteboard: [qa+] p=2 → p=2 [qa+]
Updated•10 years ago
|
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Whiteboard: p=2 [qa+] → p=2 s=it-32c-31a-30b.3 [qa+]
Assignee | ||
Comment 4•10 years ago
|
||
(In reply to Mark Hammond [:markh] from comment #0) > With the change to FxA, we now log the email address of the user: > > 1400141271123 Sync.Service INFO Logging in user foo@bar.com > > (but with the real email address). In the old sync we just logged a hash of > the username (the hash is what is stored as the username, so no special > action was taken to log the hash). > > Given this is PII, it seems we should not log this. What's the desired endstate here? Should we log a hash (is there still a hash), or replace it with e.g. email@example.com, or something else?
Flags: needinfo?(mhammond)
Reporter | ||
Comment 5•10 years ago
|
||
(In reply to :Gijs Kruitbosch from comment #4) > What's the desired endstate here? Should we log a hash (is there still a > hash), or replace it with e.g. email@example.com, or something else? The desired state is the correct balance between "no PII" and "enough debug info to be useful" - beyond that it's up to you ;) (But to be helpful, I'd say completely omitting it is fine - we could just ask the user for their email addy)
Flags: needinfo?(mhammond)
Assignee | ||
Comment 6•10 years ago
|
||
So... what are the STR here? I spent the last 30 minutes trying to understand the log level goop and which of the two (both?) logs that match the string from comment #0 are involved here, but I've not managed to get it to show up. If I can't get this logged, I also can't really check that I've fixed it... I've enabled logOnSuccess, and I synced several times, but neither the error nor the success log seem to have any login info. I've also tried to replace some of the seemingly relevant "Debug" prefs with "Info" (.identity, .status, .authentication, ...), to no avail.
Flags: needinfo?(mhammond)
Assignee | ||
Comment 7•10 years ago
|
||
OK, so it seems for the log level prefs to take effect, you need a restart, and the tps/ thing isn't built by default, so I just need to change the other instance. Patch coming up.
Flags: needinfo?(mhammond)
Assignee | ||
Comment 8•10 years ago
|
||
Attachment #8430733 -
Flags: review?(mhammond)
Assignee | ||
Comment 9•10 years ago
|
||
FWIW, the other case that I noticed was http://mxr.mozilla.org/mozilla-central/source/services/sync/tps/extensions/tps/resource/auth/sync.jsm#65 but I don't know by whom / under what circumstances / how that gets called.
Reporter | ||
Comment 10•10 years ago
|
||
Comment on attachment 8430733 [details] [diff] [review] don't log username in sync log, Review of attachment 8430733 [details] [diff] [review]: ----------------------------------------------------------------- Thanks!
Attachment #8430733 -
Flags: review?(mhammond) → review+
Reporter | ||
Comment 11•10 years ago
|
||
(In reply to :Gijs Kruitbosch from comment #9) > FWIW, the other case that I noticed was > http://mxr.mozilla.org/mozilla-central/source/services/sync/tps/extensions/ > tps/resource/auth/sync.jsm#65 but I don't know by whom / under what > circumstances / how that gets called. TPS is yet-another-test-environment. Sync is full of surprises ;)
Comment 12•10 years ago
|
||
(In reply to :Gijs Kruitbosch from comment #6) > I've enabled logOnSuccess, and I synced several times, but neither the error > nor the success log seem to have any login info. I've also tried to replace > some of the seemingly relevant "Debug" prefs with "Info" (.identity, > .status, .authentication, ...), to no avail. FWIW, you want to bump those prefs up to "Trace", not down to "Info". And, as you discovered, restart Firefox.
https://hg.mozilla.org/mozilla-central/rev/75131819a6fe
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Reporter | ||
Comment 15•10 years ago
|
||
(In reply to :Gijs Kruitbosch from comment #14) > Does this want uplifting, Mark? I think so, yeah. Thanks!
Flags: needinfo?(mhammond)
Updated•10 years ago
|
QA Contact: twalker
Assignee | ||
Comment 16•10 years ago
|
||
Comment on attachment 8430733 [details] [diff] [review] don't log username in sync log, [Approval Request Comment] Bug caused by (feature/regressing bug #): new sync User impact if declined: we log personally identifiable information to disk if the user toggles a hidden pref Testing completed (on m-c, etc.): on m-c Risk to taking this patch (and alternatives if risky): none String or IDL/UUID changes made by this patch: none
Attachment #8430733 -
Flags: approval-mozilla-aurora?
Updated•10 years ago
|
Attachment #8430733 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 18•10 years ago
|
||
Hi Tracy, will it be possible to have this bug verified by end of day this Friday? Our current Iteration ends on Monday June 9.
Flags: needinfo?(twalker)
Comment 19•10 years ago
|
||
(In reply to Marco Mucci [:MarcoM] from comment #18) > Hi Tracy, will it be possible to have this bug verified by end of day this > Friday? Our current Iteration ends on Monday June 9. Absolutely, I'll look at it today, if possible. But otherwise leaving myself needinfo'd as a reminder.
Comment 20•10 years ago
|
||
I no longer see the log line with email addy in latest nightly. I had seen it with logs prior to the landing.
Status: RESOLVED → VERIFIED
Flags: needinfo?(twalker)
Updated•6 years ago
|
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•