We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In my opinion security relevant SDKs like the cidaas-android-sdk should not log any information.
However, there seems to be a few logging mechanisms (Log, Timber, LogFile) spread all over the sdk source.
I'm using "com.github.Cidaas:cidaas-android-sdk:3.2.9".
This class is even logging the AccessToken as (encrypted and base64 encoded) string: de.cidaas.sdk.android.helper.converter.EntityToModelConverter
de.cidaas.sdk.android.helper.converter.EntityToModelConverter
-> It contains the line Log.d("Encypted Strng", encryptedString);
Log.d("Encypted Strng", encryptedString);
The text was updated successfully, but these errors were encountered:
No branches or pull requests
In my opinion security relevant SDKs like the cidaas-android-sdk should not log any information.
However, there seems to be a few logging mechanisms (Log, Timber, LogFile) spread all over the sdk source.
I'm using "com.github.Cidaas:cidaas-android-sdk:3.2.9".
This class is even logging the AccessToken as (encrypted and base64 encoded) string:
de.cidaas.sdk.android.helper.converter.EntityToModelConverter-> It contains the line
Log.d("Encypted Strng", encryptedString);The text was updated successfully, but these errors were encountered: