# Logging Audit - 20251123-092507
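== Sensitive Data in Logs ==
(Triage note: the entries below appear to be keyword matches, not confirmed leaks. main.go:315 is a route registration, not a log call, and main.go:364 logs a fixed warning about the length of JWT_SECRET, not its value. main.go:118 and main.go:787 do write an IP/email key or an email address plus the client IP to the log.)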
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:118: log.Printf("SECURITY: IP/email %s locked out after %d failed attempts", key, info.count)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:315: http.HandleFunc("/login-email-password", handleLoginEmailPassword)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:364: log.Println("WARNING: JWT_SECRET is less than 64 characters. Consider using a longer secret for production.")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:787: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (wrong password)", req.Email, clientIP)
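== PII in Logs ==
(Triage note: main.go:34 is a source comment and main.go:315 is a route registration; neither writes to the log. The remaining entries write an email address, a blockchain address or a client IP with %s. These values are presumably request-supplied, so confirm they cannot carry embedded newlines into the log; formatting with %q would escape them. Also decide whether the full identifier needs to be logged, or whether a hashed or truncated form is sufficient.)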
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:34:// rateLimiter tracks login attempts per IP/email
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:118: log.Printf("SECURITY: IP/email %s locked out after %d failed attempts", key, info.count)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:315: http.HandleFunc("/login-email-password", handleLoginEmailPassword)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:776: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (user not found)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:787: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (wrong password)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:831: log.Printf("SECURITY: Failed blockchain login for address %s from IP %s (invalid signature)", req.Address, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:846: log.Printf("SECURITY: Failed blockchain login for address %s from IP %s (not registered)", req.Address, clientIP)
== Structured Logging ==
168 unstructured log calls found (consider structured logging)