Here is the scenario...
User types his username. Types an "incorrect" password.
Both username and password values are being passed to the Elmah error log
via the Exception.Context.Request.Form["Password"]
.
It's a read-only value and cannot be modified.
And no... I don't want to dismiss the exception (fail). We added ErrorLog Filtering programmatically:
void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e)
{
if (e.Exception is LogOnException)
{
((HttpContext) e.Context).Request.Form.Remove("Password");
// This is what we want to do, but we can't because it is read-only
}
}
But cannot modify the Request.Form so that the password is hidden from our error log.
Anybody ever encountered a way around this?
I basically want all the error data without the password field. We considered logging it manually but that seemed to be a lot of work compared to simply hiding the sensitive data.
Cheers guys. Thanks in advance.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…