> I don't think the idea here was to ever make the stack traces *safe*, > just to redact the most obvious things to reduce the risk if someone > carelessly posts a stack trace publicly. > > Personally, I think the "Java model" as exemplified in > https://gerrit.wikimedia.org/r/#/c/92334/ PS3 goes too far in the > other direction. In this case, an option to log unredacted traces that > I could enable on my local test wiki would be useful.
I think Ori's original point stands though. Configuration could be used to redact fully / not redact at all for local debugging purposes. But a black list for what to redact is bad for all the reasons black lists are bad security in general. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
