Websocket token in logs - if using wss/TLS do I need to be concerned about the token leaking?

I’m implementing a websocket endpoint and planning to use a token-based authentication to allow connections to the socket.

If I am using wss and thus a TLS tunnel, do I need to be concerned about the token leaking if the token used for authentication is in the params and thus in the logs as follows:

[info] CONNECTED TO MyAppWeb.UserSocket in 10ms
  Transport: :websocket
  Serializer: Phoenix.Socket.V1.JSONSerializer
  Parameters: %{"token" => "123", "vsn" => "1.0.0"}

As an alternative, I considered putting it in the query param since proxies do not have access to the URL when there is a TLS tunnel, but I am using a token generated by Keycloak that may be too long as a query param.

Thanks in advance!

That depends on your threat model: are you expecting that your server logs will be leaked somehow? Or that your server will be broken into? If that happens, do you have bigger problems than the logs?

Of course, it’s better not to log them (one less thing to worry about). Since that logging is on level info, by default in production it won’t be logged – Phoenix defaults to only logging error level messages. Though those might contain sensitive data as well, so it’s not a good idea to leave your logs unprotected.

I think there is a way to change the logging to filter things out of error logs, but I don’t know it offhand. Maybe a custom Logger backend?

You can use the :phoenix setting filter_parameters to scrub the auth token (or other sensitive params) from your log:

config :phoenix,
  filter_parameters: ["token"]

The connection log entry shows as:

CONNECTED TO Socket ... Parameters: %{"token" => "[FILTERED]", "vsn" => "2.0.0"}
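The filter_parameters setting above only scrubs the log lines that Phoenix itself writes; if you ever inspect or log the socket params yourself (for example from a custom Logger backend, as the first reply mentions), you need the same scrubbing. The module below is an added example, not code from this thread or from Phoenix: it reproduces the behaviour Phoenix's filter applies (a parameter is hidden when its key contains one of the filter strings, case-insensitively, and nested maps and lists are walked too). The module name ParamScrubber, its default filter list and the sample params are assumptions of this example.

```elixir
defmodule ParamScrubber do
  @moduledoc """
  Hypothetical helper (not part of Phoenix) that replaces sensitive values
  with "[FILTERED]" the way Phoenix's filter_parameters does: a parameter
  is filtered when its key contains any of the filter strings as a
  case-insensitive substring, and nested maps and lists are scrubbed too.
  """

  @filtered "[FILTERED]"

  @doc "Scrub `params` using `filters` (substrings of keys to hide)."
  def scrub(params, filters \\ ["token"])

  # Plain maps: filter matching keys, recurse into the rest.
  def scrub(%{} = map, filters) when not is_struct(map) do
    Map.new(map, fn {key, value} ->
      if sensitive?(key, filters),
        do: {key, @filtered},
        else: {key, scrub(value, filters)}
    end)
  end

  # Lists (e.g. a list of maps) are scrubbed element by element.
  def scrub(list, filters) when is_list(list) do
    Enum.map(list, &scrub(&1, filters))
  end

  # Scalars, structs and anything else are returned unchanged.
  def scrub(other, _filters), do: other

  defp sensitive?(key, filters) when is_atom(key) do
    sensitive?(Atom.to_string(key), filters)
  end

  defp sensitive?(key, filters) when is_binary(key) do
    lowered = String.downcase(key)
    Enum.any?(filters, &String.contains?(lowered, String.downcase(&1)))
  end

  defp sensitive?(_key, _filters), do: false
end

# Constructed sample (not from the thread): the socket params from the
# question plus a nested map, to show that "access_token" is also caught
# by the "token" filter while "vsn" and "name" are left readable.
params = %{
  "token" => "123",
  "vsn" => "1.0.0",
  "profile" => %{"access_token" => "abc", "name" => "alice"}
}

IO.inspect(ParamScrubber.scrub(params, ["token"]), label: "scrubbed")
```

Run it with `elixir param_scrubber.exs`. The point worth keeping in mind is that wss protects the token on the wire only; once the parameters are written to a log file they are at rest in plaintext, so scrub before logging rather than relying on the TLS tunnel.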