82 views
# Private data leaks in logs Post-Mortem ## Date 19-10-2018 ## Authors * maxr ## Status Complete, action items in progress ## Summary Desktop nightly builds dumped into logs all texts appeared on application window surface during running time. Logs files are saved locally, but not encrypted. Crash reports can include log file, but files doesn't have public access. ## Impact Accounts of users who shared log files can be compromized. ## Root Causes [Commit](https://github.com/status-im/react-native-desktop/commit/620999525114877eb2c2107588dc1b3d27e3904b) into react-native-desktop introduced logging of all ui elements props to simplify crashes and others issues catching. ## Trigger Status desktop app redirects all debug output from react-native-desktop and 3rd parth native modules to the log file. ## Resolution [Commit](https://github.com/status-im/react-native-desktop/commit/74fb94bb000ea307345f85b5612b35318447c3f2) into react-native-desktop removes logging of props values. ## Detection During reviewing of PR have realized that desktop logs might contain large amount of critical data. ## Action Items | Action Item | Type | Owner | Bug | | ----------- | ---- | ----- | --- | | Remove critical data from logs | mitigate | maxr | [Commit](https://github.com/status-im/react-native-desktop/commit/74fb94bb000ea307345f85b5612b35318447c3f2) **DONE** | ## Lessons Learned ### What went well ### What went wrong ### Where we got lucky ## Timeline ## Supporting Information