—

Why it Matters

Logs are often used for debugging and monitoring, but if they contain sensitive data such as passwords, API keys, credit card numbers, or personal details, they become a liability. Attackers who gain access to log files can harvest this data and use it for fraud or account takeover.

Sanitizing logs ensures only safe, useful information is recorded. By redacting or removing sensitive values before writing them, you keep logs helpful for troubleshooting without creating a new source of data leakage. This also supports compliance with privacy regulations like GDPR and PCI DSS.

Verification Steps

# Review log files for sensitive data
grep -R "password" var/log
grep -R "token" var/log
grep -R "card" var/log

# Review custom code for logging raw request/response data

Remediation / Fix Guidance

1. Never log full passwords, tokens, or payment data.
2. Mask sensitive values before logging (e.g., show only last 4 digits of a card number).
3. Use Magento’s logging framework, which supports sanitization plugins.
4. Review custom modules to confirm they filter logs correctly.
5. Restrict log access to trusted administrators only.

Examples

// Unsafe logging
$this->logger->info("Login failed for user $email with password $password");

// Safe logging
$this->logger->info("Login failed for user $email");
// Password not included

References

• OWASP Top 10 — A09: Security Logging and Monitoring Failures
• OWASP — Sensitive Data Exposure