DEV Community

Andrei Kniazev
Designing a Web API endpoint without leaking data to a monitoring service

SSL is standard today, but on its own it is not enough to protect sensitive data. A small design mistake can leak data that should stay protected, passwords for example. Even if you use cryptography to conceal the password, a badly designed endpoint can expose the plaintext value to a monitoring service or to a logger.

Here is a very common scenario: we decide to introduce an endpoint that lets our users restore their password once they have received a restoration code.

```csharp
// The new password is a route parameter, so it becomes part of the request URL.
[HttpPut("ChangePassword/{email}/{newPassword}/{code}")]
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[ProducesResponseType(404)]
public IActionResult ChangePassword(string email, string newPassword, string code)
{
    // do logic
    return Ok();
}
```

Because I am using Azure in this example, I will use Application Insights as the monitoring service for this app.

Let's hit the endpoint and check what we are able to see in the logs:

[Screenshot: Application Insights Logs]

As you can see, it exposes the user's password: route parameters are part of the request URL, and the URL is recorded by the request telemetry. To prevent this we need to change our Web API endpoint. Instead of passing the values in the URL itself, we put them in the request body.

```csharp
// Request model for the body. Named ChangePasswordRequest here so it does not
// collide with the action name; the original snippet left the type undefined.
public sealed record ChangePasswordRequest(string Email, string NewPassword, string Code);

// The URL now carries no secret; the body is not part of the request telemetry.
[HttpPut("ChangePassword")]
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[ProducesResponseType(404)]
public IActionResult ChangePassword([FromBody] ChangePasswordRequest body)
{
    // do logic
    return Ok();
}
```

Let's check the logs!

[Screenshot: Application Insights Logs]

As you can see, all sensitive data should be put in the body of the request and not in the URL. SSL encrypts everything on the wire, but the monitoring service or logger records the request URL and will expose whatever is in it.
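To make the contrast concrete, here is an added example (not code from the original post): a minimal ASP.NET Core app that keeps the two endpoint designs side by side, with a small middleware that logs the same request line a monitoring service typically records. It also goes one step beyond the post with a telemetry initializer that strips query strings from what Application Insights stores, since a `?password=...` parameter leaks the same way a route parameter does. The names `ChangePasswordRequest`, `AccountController`, `StripQueryStringInitializer`, the sample e-mail and the sample password are this example's own; it assumes the `Microsoft.ApplicationInsights.AspNetCore` package is referenced.

```csharp
// Added example, not from the original post. Assumes the
// Microsoft.ApplicationInsights.AspNetCore package is referenced.
using System;
using System.Threading.Tasks;
using Microsoft.ApplicationInsights.Channel;
using Microsoft.ApplicationInsights.DataContracts;
using Microsoft.ApplicationInsights.Extensibility;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Request model (name assumed): the secret travels in the body, which request
// telemetry does not record.
public sealed record ChangePasswordRequest(string Email, string NewPassword, string Code);

[ApiController]
public sealed class AccountController : ControllerBase
{
    // Leaky design, kept only to contrast the two log lines produced below:
    // the route template puts the new password into the request URL.
    [HttpPut("ChangePassword/{email}/{newPassword}/{code}")]
    public IActionResult ChangePasswordInUrl(string email, string newPassword, string code)
        => Ok();

    // Fixed design: the URL carries no secret; the body is not part of request telemetry.
    [HttpPut("ChangePassword")]
    public IActionResult ChangePassword([FromBody] ChangePasswordRequest body)
    {
        if (string.IsNullOrWhiteSpace(body.NewPassword) || string.IsNullOrWhiteSpace(body.Code))
            return BadRequest();
        // do logic
        return Ok();
    }
}

// Defence in depth (assumed addition): strip query strings from the URL that
// Application Insights records, so a later "?password=..." mistake does not reach the logs.
public sealed class StripQueryStringInitializer : ITelemetryInitializer
{
    public void Initialize(ITelemetry telemetry)
    {
        if (telemetry is RequestTelemetry request && request.Url != null)
            request.Url = new Uri(request.Url.GetLeftPart(UriPartial.Path));
    }
}

public class Program
{
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);
        builder.Services.AddControllers();
        builder.Services.AddApplicationInsightsTelemetry();
        builder.Services.AddSingleton<ITelemetryInitializer, StripQueryStringInitializer>();

        var app = builder.Build();

        // Stand-in for the monitoring service: logs what request telemetry typically keeps
        // (method, path, query string), never the body. With constructed sample values:
        //   PUT /ChangePassword/alice@example.com/S3cret-Pass/123456 -> password in the log line
        //   PUT /ChangePassword                                     -> nothing sensitive logged
        app.Use(async (HttpContext ctx, Func<Task> next) =>
        {
            app.Logger.LogInformation("{Method} {Path}{Query}",
                ctx.Request.Method, ctx.Request.Path, ctx.Request.QueryString);
            await next();
        });

        app.MapControllers();
        app.Run();
    }
}
```

Run the app and issue both PUT requests: the first log line contains the sample password verbatim, the second shows only `PUT /ChangePassword`. The body is still visible to the action, so functionality is unchanged; only what the observability pipeline sees has changed.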

Thank you and be safe!
