Closed
Bug 1203692
Opened 10 years ago
Closed 10 years ago
Audit logs (particularly for any URLs we might leak)
Categories
(Firefox for iOS :: Browser, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| fxios | 1.1+ | --- |
People
(Reporter: sleroux, Assigned: rnewman)
Details
Attachments
(2 files)
We need to make sure that we are not leaking any URLs or sensitive data in our app logging.
|
Assignee | |
Updated•10 years ago
|
No longer blocks: pbmode
Summary: Audit logs for any URLs we might leak during private mode → Audit logs (particularly for any URLs we might leak)
|
||
Comment 1•10 years ago
|
||
On a production build we are logging full details of your Sync secrets:
Oct 4 20:56:43 Stefans-iPhone-6 Client[437] <Warning>: onLogin: {"customizeSync":false,"sessionToken":"xxx","keyFetchToken":"xxx","verified":true,"unwrapBKey":"xxx","email":"sarentz+testflight@mozilla.com","uid":"xxx","verifiedCanLinkAccount":true}
|
|
||
Comment 2•10 years ago
|
||
Remove verbose logging from FxAContentViewController
Attachment #8669492 -
Flags: review?(sleroux)
|
|
Assignee | |
Comment 3•10 years ago
|
||
Comment on attachment 8669492 [details] [review]
PR: https://github.com/mozilla/firefox-ios/pull/1119
Wouldn't say no to a quick 1.0.2.
Attachment #8669492 -
Flags: review?(sleroux) → review+
|
|
||
Comment 4•10 years ago
|
||
Merged https://github.com/mozilla/firefox-ios/pull/1119
Leaving this bug open in case we find more logging issues.
|
Reporter | |
Updated•10 years ago
|
Assignee: rnewman → sleroux
|
|
Reporter | |
Comment 6•10 years ago
|
||
Here's what I've found that we're logging that is questionable:
Recording of URLs in log files on disk for every non-private tab visit:
Profile#L221 - log.debug("Recording visit for \(url) with type \(v).")
Recording of URLs in log files on disk when removing/adding bookmarks:
SQLiteBookmarks#L283 - log.debug("Removing bookmark \(url).")
Logging of synced tab urls to disk:
TabSynchronizer#L84 log.debug("\(remotes)")
Creating tabs from tab records:
TabSynchronizer#L41 log.debug("Sending tabs JSON \(tabsJSON.toString(true))")
Logging DB secret:
2015-10-14 11:50:12.660 [Debug] [BrowserDB.swift:47] init(filename:secretKey:files:) > Creating db: /private/var/mobile/Containers/Shared/AppGroup/3EBD981A-58BA-4A0A-959B-F0B0FFFEC8FC/profile.profile/logins.db with secret = Optional("njF81qBBMRi4oCKHHD/lANF2UH2cr1mynvpu6KcwKiJxSuBbe0Kbag+GO1MD3Y1QQJqsGAMYUEAa9YWBfpFU6CFlehHBP20rYnMYXdzxpV7IQvnqQ3dvThhOMqegCDpQsVpRKEJmUl/crsguP4QhxAtqosnpu8za6xlSgcd4io0nR8x8x8MAzD47q4My6h1KJ1ObcIGQ4/llGLu5kSHg0FlM8HvIHc9fdE8vavcO9uOixRJ940Lzg0IgPRevUcUJrPHd10OFzxD6j7mag90ffj3c5ePql68g2Zc7sxrE6+HsX8mhSM5u/b+gpLo37dp2Q2HNNAP67bclJc+PVULnJw==")
|
|
Assignee | |
Comment 7•10 years ago
|
||
I have a couple of commits coming for those.
|
|
Assignee | |
Comment 8•10 years ago
|
||
(In reply to Stephan Leroux [:sleroux] from comment #6)
> Logging DB secret:
Note that we only do that for developer builds, precisely so we can debug by poking the DB.
|
|
Assignee | |
Comment 9•10 years ago
|
||
Commits are at the end of https://github.com/mozilla/firefox-ios/pull/1146.
|
|
Assignee | |
Comment 10•10 years ago
|
||
4155dea
|
|
Assignee | |
Comment 11•10 years ago
|
||
2015-10-14 15:38:29.987 [Debug] [SQLiteLogins.swift:217] getLoginsForProtectionSpace > Looking for login: https://bugzilla.mozilla.org
|
|
Assignee | |
Comment 12•10 years ago
|
||
Stealing this back for a final pass.
Assignee: sleroux → rnewman
Attachment #8673964 -
Flags: review?(bnicholson)
|
||
Updated•10 years ago
|
Attachment #8673964 -
Flags: review?(bnicholson) → review+
|
|
Assignee | |
Comment 13•10 years ago
|
||
2dfaff7
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•