
Logging Without Leaking Information

How to do that?

Well,

  1. Log enough information to debug issues but avoid sensitive data like passwords or session tokens.
  2. Use structured logging for easier analysis and to prevent information leakage.
  3. Implement log rotation and retention policies to manage log files securely.
  4. Regularly review logs for security incidents and anomalies.
  5. Ensure logs are secured, and access to them is controlled.
  6. Consider using tools like Datadog, ELK Stack, or Sentry for centralized log management.

Example:

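function logError(err, req) {
  // Log the path only: the query string in req.url can carry tokens or other sensitive values
  const path = req.url.split('?')[0];
  console.error(`Error in ${req.method} ${path}: ${err.message}`);
  // Do not log err.stack or sensitive data here
}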
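
Points 1 and 2 combined in a structured logger, as an added example that is not part of the original course material: it masks sensitive fields and query parameters, then writes one JSON object per line. The names `redact`, `safeUrl`, `buildLogEntry` and `logErrorStructured`, and the key pattern, are assumptions chosen for illustration.

```javascript
// Added example; all names here are hypothetical, not from the course.
const SENSITIVE = /password|passwd|secret|token|session|authorization|cookie|api[-_]?key/i;

// Copy a value, masking every field whose name looks sensitive.
function redact(value, depth = 0) {
  if (depth > 5) return '[TRUNCATED]'; // bound recursion on deep objects
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = SENSITIVE.test(key) ? '[REDACTED]' : redact(v, depth + 1);
    }
    return out;
  }
  return value;
}

// Keep the path; mask sensitive query parameters instead of logging them.
function safeUrl(rawUrl) {
  const u = new URL(rawUrl, 'http://placeholder.invalid'); // base is only needed for parsing
  for (const key of [...u.searchParams.keys()]) {
    if (SENSITIVE.test(key)) u.searchParams.set(key, 'REDACTED');
  }
  return u.pathname + u.search;
}

// One JSON object per line; JSON.stringify escapes CR/LF, so a hostile
// message cannot start a forged log line.
function buildLogEntry(level, message, req, context = {}) {
  return JSON.stringify({
    ts: new Date().toISOString(),
    level,
    message,
    method: req.method,
    url: safeUrl(req.url),
    context: redact(context),
  });
}

function logErrorStructured(err, req, context) {
  console.error(buildLogEntry('error', err.message, req, context));
}

// Constructed sample input.
const sampleReq = { method: 'POST', url: '/reset?token=abc123&page=2' };
const sampleCtx = { user: 'alice', password: 'hunter2', headers: { Cookie: 'sid=1' } };
logErrorStructured(new Error('reset failed\nfor alice'), sampleReq, sampleCtx);
```

The key pattern matches substrings, so it will sometimes mask a harmless field; for logs that is the safer direction to be wrong in.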

Want to learn more? Check out the OWASP Logging Cheat Sheet