Flag to allow application data in logging #1374

Closed
@rowanmiller

Description

From a security point of view we decided that, by default, both the message action and state passed to ILogger.Write should not contain any application data. That is, data that comes from the data store or may be supplied by an end user of the application. Depending on the application, this data may contain sensitive information (usernames, credit card numbers, etc.). Examples include results from queries, values stored in entity instances, and constant values used in LINQ expressions.

We'll have a simple flag that can be enabled to allow this information to be included. This is especially useful for logging queries, where it is helpful to have the parameter values logged along with the query.

This work item includes:

  • Creating the flag (off by default)
  • Reviewing existing logging to make sure it honors the flag
  • Writing a warning to the log when the flag is enabled (once per context, ServiceProvider, or whatever is easiest)
  • Wherever data is filtered out of a message, include a message in place of the data letting folks know they can enable the flag to get the data (and a warning that it may result in logging sensitive info)

We should try and add this in a way that makes it easy to use it for future logging that we add.
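
The behaviour listed in this issue, as an added C# example that is not part of the original issue or of the project's code. `SensitiveDataLogger`, its `logApplicationData` flag and the message wording are hypothetical, and an `Action<string>` stands in for `ILogger.Write`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;

// Hypothetical names throughout; this is not the project's implementation.
public sealed class SensitiveDataLogger
{
    private readonly Action<string> _write;      // stand-in for ILogger.Write
    private readonly bool _logApplicationData;   // the flag; off by default
    private int _warned;                         // 0 = warning not yet written

    public SensitiveDataLogger(Action<string> write, bool logApplicationData = false)
    {
        _write = write;
        _logApplicationData = logApplicationData;
    }

    // Parameter names are metadata; parameter values are application data.
    public void LogCommand(string sql, IReadOnlyDictionary<string, object> parameters)
    {
        // Warn once per logger instance that sensitive values may now be logged.
        if (_logApplicationData && Interlocked.Exchange(ref _warned, 1) == 0)
            _write("WARN: application data logging is enabled; logs may contain sensitive information.");

        // With the flag off, each value is replaced by a '?' placeholder.
        var rendered = parameters.Select(p =>
            p.Key + "=" + (_logApplicationData ? Format(p.Value) : "?"));
        var hint = _logApplicationData || parameters.Count == 0
            ? ""
            : " (values hidden; enable application data logging to see them, which may log sensitive information)";
        _write($"Executing [{string.Join(", ", rendered)}]{hint}: {sql}");
    }

    private static string Format(object value) => value is null ? "NULL" : $"'{value}'";
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input.
        var p = new Dictionary<string, object> { ["@p0"] = "4111111111111111" };
        const string sql = "SELECT * FROM Cards WHERE Number = @p0";

        new SensitiveDataLogger(Console.WriteLine).LogCommand(sql, p);
        var verbose = new SensitiveDataLogger(Console.WriteLine, logApplicationData: true);
        verbose.LogCommand(sql, p);
        verbose.LogCommand(sql, p); // the warning is not repeated
    }
}
```

Routing every message through one helper like this keeps the redaction decision in a single place, so logging added later honors the flag without re-implementing the check.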
