Plain text passwords showing up in conn dump on crash

Hello, I have a problem in that my architect/cloud-ops person has informed me that plain-text passwords are showing up in the crash dump when our Phoenix requests fail for any reason. We have set the config to hide passwords, and they are being hidden when we log out to iex console, but not in the dump files.

So, my questions are:

  1. We are in dev right now, and we were wondering if we would have this same problem in production?
  2. As a recommended fix, I have been tasked with providing minimal protection (just preventing some support tech at AWS from being able to read the passwords in a dump file?), by base64 encoding passwords before sending them across the wire, and then decoding them before validating/strength-checking etc. My journey down this path has been painfully confusing to say the least, so should this even be an option?
  3. Is it possible/advisable to try to insert a server-side catch for this in the plug pipeline before writes out the conn dump for the error?

Thanks, dave

What type of dump files - Erlang crash dumps? Core dumps?

If your passwords are only used by specific processes, you can enable the sensitive process flag in them to hide the data from Erlang crash dumps. It’s documented here: https://erlang.org/doc/man/erlang.html#process_flag-2

1 Like

The EEF Security WG’s “Secure Coding and Deployment Hardening Guidelines” may have some helpful pointers: Protecting sensitive data and Crash dumps and core dumps

6 Likes

Thanks dom, this should get me on the right track.

Thanks voltone, this will definitely help.