2

I have a simple web server (in python) with some API endpoints, and an HTML page with a form. When a user submits the form, the form data is sent to the web server via an ajax POST call via jquery. The API endpoint is HTTPs.

For one of the API endpoints, one of the parameters it takes is a password. I suppose the data transfer itself (from browser --> server) is secure as the POST is being done over https (and all the validation is being done on the server). However, I'd like to be able to obfuscate the password such that it will not show up in console logs. (Example - the javascript function which actually makes the api call, is a general function which can post to any endpoint. In a debug mode this function will dump the post json it's about to send. So in the case you're calling the endpoint which takes the password, the password would show up in plaintext in the log.)

I was just curious if there is a best practices way to achieve this? Something not overly complicated? Is it best to encrypt in the browser then decrypt in the server? Or a way to just make the logs show *** ? Note - I'm not concerned about the data being intercepted between browser and server, this is just about preventing anything showing up in the console logs in plaintext.

ffConundrums
  • 765
  • 9
  • 24

2 Answers2

1

Don't log it.

As you said, the data is safe in the transport. If the issue is just with the logs, simply fix the logs so you're not logging sensitive data.

It's also important that your log files are kept as secure as the rest of your system. A great deal of security-related information can be derived from raw log files.

Brad
  • 159,648
  • 54
  • 349
  • 530
  • I can fix the logs for now and just not log it. But another worry I had was, lets say somewhere in the future, someone innocently adds a print in the server which dumps the payload. Anyone who now visits the site is having their password exposed in plaintext. Even if the logs are secured it's now visible to that person who made the change. I guess the idea is that - if they were nefarious and have access to the code base, they could always change up anything they want to get that info. I'm more worried about an innocent change that ends up revealing the passwords to someone. – ffConundrums Nov 20 '18 at 16:12
  • 1
    side note - good point about securing the logs in general, I hadn't put much thought in to this, which is something I will do now. – ffConundrums Nov 20 '18 at 16:13
  • 1
    @ffConundrums Adding a layer of obfuscation doesn't change that fact. If someone breaks your code and dumps out secrets, that's what happens. All you'll do with layers of obfuscation is make development harder while adding a false sense of security. – Brad Nov 20 '18 at 16:13
  • thanks. What you're saying is the perspective I'd started reading about after I posted this. Maybe I just need to digest the perspective a little more. – ffConundrums Nov 20 '18 at 16:16
-1

If the communication is already HTTPS and you are not worried about the data being intercepted, then you can probably use something like serialization:

$(your_password_field).serialize();

Another idea is, if you are using some framework with your Python Server, check their documentation. This post, for example, shows how to use serialization with Django:

https://simpleisbetterthancomplex.com/tutorial/2016/08/29/how-to-work-with-ajax-request-with-django.html

There is also an interesting discussion here:

SSL Alternative - encrypt password with JavaScript submit to PHP to decrypt

Bruno Monteiro
  • 4,153
  • 5
  • 29
  • 48