Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable logging of (specific) environment variables (or mask values) in Windows 'Application' event log #54

Closed
kenny-evitt opened this issue Nov 5, 2014 · 2 comments · Fixed by #173
Closed

Disable logging of (specific) environment variables (or mask values) in Windows 'Application' event log #54

kenny-evitt opened this issue Nov 5, 2014 · 2 comments · Fixed by #173
Labels
enhancement
Milestone
2.0.0

Comments

@kenny-evitt
Copy link

I was investigating #52 and discovered that all of the environment variables, and their values, are logged in the Windows Application event log, in plaintext.

Based on this, every interactive user has read+write access to that event log.

I'm currently using environment variables to store all of my application's runtime environment-specific configuration, e.g. database credentials. I'm not particularly worried that they will be compromised as-is, but it would be much better were this info to not be included in the event log in plaintext.

It would fine if an attribute could be added or set on the env elements in the configuration file to indicate that the value for those variables not be included (or even just masked) in the event log.
@oleg-nenashev
Copy link
Member

It makes sense to handle this case in winsw-2.0 with log4net (#73)

@oleg-nenashev oleg-nenashev added this to the winsw-2.0 milestone Feb 1, 2015
@oleg-nenashev oleg-nenashev mentioned this issue Dec 24, 2016
Merged
@kenny-evitt
Copy link
Author

@oleg-nenashev Fantastic! I'll test this when I get a chance; hopefully within a month or two.

oleg-nenashev added a commit that referenced this issue Dec 27, 2016
@oleg-nenashev
Merge pull request #173 from oleg-nenashev/bug/Issue_54_EnvVars_IN_Ev…
098046c 
…entLog

Fixes #54. Do not dump WinSW environment variables to the Event log
oleg-nenashev added a commit that referenced this issue Dec 30, 2016
@oleg-nenashev
Changelog: Noting fixes of #85, #159, #54, #59, and #179 towards 2.0
7d63e7b
@nxtn nxtn modified the milestones: winsw-2.0, 2.0.1, 2.0.0 Mar 25, 2020
@winsw winsw locked as resolved and limited conversation to collaborators Mar 26, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
2.0.0
Development

Successfully merging a pull request may close this issue.

Fixes #54. Do not dump WinSW environment variables to the Event log oleg-nenashev/winsw
3 participants
@kenny-evitt @oleg-nenashev @nxtn