How to Log Crashes in Cowboy Safely

Hi slightly smiling face

Context

We have a Plug app that’s using Cowboy. When Cowboy produces an exception it’s logged to the log file. However the Cowboy log contains headers, which in the future may contain personalised data, such as cookies.

Question

How can we avoid logging potentially personal data?

We considered the following possible solutions but each of them have shortcomings.

Considered (but ultimately flawed) Solutions

Disable Cowboy logs altogether, its problematic because it will hide exceptions altogether.

Possibly use logger_filters http://erlang.org/doc/man/logger_filters.html, although this may have performance ramifications as we’ll need to search a nested data structure.

Use a string parser/inspector which searches for log keys we know that contains sensitive information, but this sounds rather fragile and unmaintainable.

Has anyone solved this issue before, and has a better solution than us?

1 Like