CodeClarityLab / Glossary
Ctrl K
← Home ← Codex ← DEBT
Browse by Category
+ added · updated 7d
Pages
Terms of Use About Contribute 🧠Logic graph Contact
← Back to glossary

Sensitive Data in Logs

Security PHP 7.0+ Intermediate
debt(d7/e3/b3/t7)
d7 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'only careful code review or runtime testing' (d7). Semgrep and trufflehog can catch obvious patterns, but most leaks happen via dynamic context arrays (print_r($_POST), exception messages) that static tools miss until logs are reviewed.

e3 Effort Remediation debt — work required to fix once spotted

Closest to 'simple parameterised fix' (e3). Quick_fix is adding a Monolog processor that redacts sensitive keys centrally — one component change, but more than a one-line patch since you need to enumerate keys and wire the processor.

b3 Burden Structural debt — long-term weight of choosing wrong

Closest to 'localised tax' (b3). Once a scrubbing processor is in place, logging discipline becomes a modest ongoing tax — devs must remember not to log raw request data, but it doesn't shape architecture.

t7 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'serious trap' (t7). The misconception that logs are dev-only contradicts reality (SIEM, third-party aggregators, support access); the 'obvious' debug pattern (print_r($_POST)) is exactly the wrong thing to do.

About DEBT scoring → scored by claude-opus-4-7 · 2026-05-11 · reviewed by human

Also Known As

logging secrets PII in logs credential logging

TL;DR

Logging passwords, tokens, credit card numbers, or PII — log aggregators store data indefinitely and are often less secured than primary databases.

Explanation

Application logs are collected by aggregators (ELK, Datadog, Splunk) where they are stored, indexed, and accessed by many more people than the primary database. Logging request parameters, exception messages containing credentials, or full user objects routinely exposes sensitive data. Structured logging makes this worse — a well-intentioned context object dumps everything. Always explicitly allowlist what gets logged rather than logging everything and filtering after.

Common Misconception

Logs are only seen by developers so sensitive data is acceptable — log aggregators are accessed by devops, security, support teams, and third-party SIEM tools; treat logs as semi-public.

Why It Matters

A password logged in a debug message, then shipped to an external log aggregator, means that password is now stored in plaintext in a system with weaker access controls than the auth database.

Common Mistakes

  • Logging entire request arrays: error_log(print_r($_POST, true)) — captures passwords and tokens.
  • Logging exception messages that include SQL with bound parameters containing user data.
  • Logging full user objects including hashed passwords and API keys.
  • Not masking card numbers — only log last 4 digits: ****1234.

Code Examples

✗ Vulnerable 
// Logs entire POST including passwords:
error_log('Request: ' . print_r($_POST, true));

// Logs exception with credentials in message:
try {
    authenticate($user, $password);
} catch (Exception $e) {
    $logger->error($e->getMessage()); // May contain password
    $logger->debug('Context', ['user' => $user, 'pass' => $password]);
}
✓ Fixed 
// Explicit allowlist — only log safe fields:
$logger->info('Login attempt', [
    'user_id' => $user->id,
    'ip'      => $request->ip(),
    'success' => $authenticated,
    // No password, no token, no PII beyond user_id
]);

// Mask sensitive values:
$logger->debug('Payment', [
    'card_last4' => substr($card, -4),
    'amount'     => $amount,
    // Never: full card number, CVV, or auth token
]);
Added 16 Mar 2026
Edited 5 Apr 2026
Views 35

Curated in Warsaw under one editorial standard. 1,506 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings T 1 ping W 1 ping T 0 pings F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W 1 ping T 0 pings F 0 pings S 0 pings S 1 ping M 1 ping T 0 pings W 0 pings T 1 ping F 0 pings S 0 pings S 0 pings M 1 ping T 0 pings W 0 pings T 0 pings F 0 pings S 0 pings S 0 pings M 1 ping T 0 pings W
Agents 0
No pings yet today
PetalBot 1
Amazonbot 7 ChatGPT 4 Google 3 Ahrefs 3 Scrapy 3 Perplexity 2 Unknown AI 2 Claude 2 Bing 1 Meta AI 1 PetalBot 1
Also referenced
Sensitive Data Exposure 64 Structured Logging 58 Insufficient Logging & Monitoring 47 gRPC 36
How they use it
crawler 24 crawler_json 5
Related categories
security 7.9k architecture 3.2k observability 1.7k
DEV INTEL Tools & Severity
🔴 Critical ⚙ Fix effort: Medium
⚡ Quick Fix
Audit your log format and scrub PII before logging — add a Monolog processor that redacts known sensitive keys (password, token, card_number, ssn) from all log context arrays
📦 Applies To
PHP 7.0+ any web cli queue-worker
🔗 Prerequisites
🔍 Detection Hints
Password or token in log context array; credit card number in exception message logged; PII in Sentry error report; email in query parameter logged in access log
Auto-detectable: ✓ Yes semgrep sentry-scrub trufflehog
⚠ Related Problems
🤖 AI Agent
Confidence: High False Positives: Medium ✗ Manual fix Fix: Medium Context: Line
CWE-312 CWE-532
✓ schema.org compliant