In ELMAH with MVC 3, How can I hide sensitive form data from the error log?
Here is the scenario...
User types his us开发者_JAVA技巧ername. Types an "incorrect" password.
Both username and password values are being passed to the Elmah error log
via the Exception.Context.Request.Form["Password"]
.
It's a read-only value and cannot be modified.
And no... I don't want to dismiss the exception (fail). We added ErrorLog Filtering programmatically:
void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
if (e.Exception is LogOnException)
{
((HttpContext) e.Context).Request.Form.Remove("Password");
// This is what we want to do, but we can't because it is read-only
}
}
But cannot modify the Request.Form so that the password is hidden from our error log.
Anybody ever encountered a way around this?
I basically want all the error data without the password field. We considered logging it manually but that seemed to be a lot of work compared to simply hiding the sensitive data.
Cheers guys. Thanks in advance.
You can't modify the form collection on the request but you can modify the form collection on an Elmah Error isntance and then manually log it. I.e.
public static class ElmahSensitiveDataFilter
{
public static void Apply(ExceptionFilterEventArgs e, HttpContext ctx)
{
var sensitiveFormData = ctx.Request.Form.AllKeys
.Where(key => key.Equals("password", StringComparison.OrdinalIgnoreCase)).ToList();
if (sensitiveFormData.Count == 0)
{
return;
}
var error = new Error(e.Exception, ctx);
sensitiveFormData.ForEach(k => error.Form.Set(k, "*****"));
Elmah.ErrorLog.GetDefault(null).Log(error);
e.Dismiss();
}
}
Then in Global.asax
void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
var ctx = e.Context as HttpContext;
if(ctx == null)
{
return;
}
ElmahSensitiveDataFilter.Apply(e, ctx);
}
Catch the exception, then log something in ELMAH manually, like this:
catch (LogOnException e)
{
Elmah.ErrorSignal.FromCurrentContext().Raise(new Exception("Bad Password"));
}
You can't do this unless you modify the source itself. You could certainly modify the configuration and add the notion of an "Excluded Form Elements" to that, then when the Error class copies the collection from the HttpContext, you can remove any items in that list.
Another alternative would be to use something else, obviously, that provides more explicit control over the logging process like EntLib or log4net. It's trivial to write a module or global exception handler to utilize either one of those tools. Moreover, they are relevant in scopes outside of web applications.
精彩评论