Hello, I have a problem in that my architect/cloud-ops person has informed me that plain-text passwords are showing up in the crash dump when our Phoenix requests fail for any reason. We have set the config to hide passwords, and they are being hidden when we log out to the iex console, but not in the dump files.
So, my questions are:
- We are in dev right now, and we were wondering if we would have this same problem in production?
- As a recommended fix, I have been tasked with providing minimal protection (just preventing some support tech at AWS from being able to read the passwords in a dump file?), by base64 encoding passwords before sending them across the wire, and then decoding them before validating/strength-checking etc. My journey down this path has been painfully confusing to say the least, so should this even be an option?
- Is it possible/advisable to try to insert a server-side catch for this in the plug pipeline before it writes out the conn dump for the error?