I implemented my user authentication, including the password hashing, in Mongoose inside a pre-save hook (see the article https://www.mongodb.com/blog/post/password-authentication-with-mongoose-part-1).
Everything works fine, but I discovered a security problem: WiredTiger logs before the hook is executed, and therefore I get a log file on the server which includes the password in cleartext.
Is there a possibility to solve this?
Regards, Tobias
via Tobias Stangl