
Consider obfuscating secure information #83

Open
bobbingwide opened this issue Dec 4, 2019 · 2 comments

Comments

bobbingwide (Owner) commented Dec 4, 2019

There are instances where tracing could log secret information. This is not a major problem in a development environment but would be an issue in staging or live if the trace files directory is web accessible.

What are the sensible options?

  1. Disallow tracing when the trace files directory is publicly accessible.
  2. Disable tracing of transactions involving passwords.
  3. Filter password values from arrays and objects being traced.
  4. Something else.
bobbingwide (Owner, Author) commented

The password field on the WordPress login form is called pwd.
At trace startup this may be traced as part of the $_REQUEST and $_POST arrays.

wp-content\plugins\oik-bwtrace\includes\class-BW-trace-controller.php(414:0) trace_startup(2) 3 0 2019-12-05T10:00:56+00:00 0.002429 0.000441 cf! 15 1 0 2097152/2097152 256M F=187 _REQUEST Array
(
    [log] => username
    [pwd] => password
    [rememberme] => forever
    [wp-submit] => Log In
    [redirect_to] => https://s.b/wordpress/wp-admin/
    [testcookie] => 1
)

For Add New user, two passwords are sent in pass1 and pass2.

wp-content/plugins/oik-bwtrace/includes/class-BW-trace-controller.php(414:0) trace_startup(2) 8 0 2019-12-05T10:14:31+00:00 0.005290 0.000166 cf! 16 1 0 2097152/2097152 256M F=188 _REQUEST Array
(
    [action] => createuser
    [_wpnonce_create-user] => 2bf2e6ad18
    [_wp_http_referer] => /wordpress/wp-admin/user-new.php
    [user_login] => [email protected]
    [email] => [email protected]
    [first_name] => User
    [last_name] => Name
    [url] => https://example.com
    [pass1] => password
    [pass2] => password
    [role] => subscriber
    [ure_other_roles] => 
    [createuser] => Add New User
)

The encrypted password is stored in the wp_users table.
Tracing of the saved_queries can reveal this value when a new user is created. e.g. $P$BSXeW6bkh846/3xYHXXXBnPAL10/4b0

bobbingwide (Owner, Author) commented

Posts can also be password protected.
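The following is an added example for this issue, not code from oik-bwtrace or WordPress. It shows option 3 from the first comment applied to the kinds of data in the two later comments: the pwd, pass1 and pass2 fields from the $_REQUEST dumps, the stored hash that shows up in saved queries, and the post_password of a password-protected post. The function names, the key list and the hash patterns are assumptions; adjust them to whatever the tracer actually sees.

```php
<?php
// Added example for this issue, not code from oik-bwtrace or WordPress.
// Key names and hash formats are assumptions drawn from the _REQUEST dumps
// above and from WordPress defaults; function names are hypothetical.

const BW_TRACE_SECRET_KEYS = [
	'pwd',           // wp-login.php
	'pass1',         // user-new.php and profile.php
	'pass2',
	'user_pass',     // wp_users column / wp_insert_user() argument
	'post_password', // password-protected posts
];

const BW_TRACE_MASK = '[REDACTED]';

/**
 * True when $key names a field whose value must never reach a trace file.
 * Known keys match exactly; the regex also catches variants such as
 * "confirm_password" or "new_pwd". Over-redaction (e.g. "bypass") is the
 * safe direction, so the match is deliberately loose.
 */
function bw_trace_is_secret_key( $key ) {
	$key = strtolower( (string) $key );
	if ( in_array( $key, BW_TRACE_SECRET_KEYS, true ) ) {
		return true;
	}
	return (bool) preg_match( '/pass|pwd|secret|token/', $key );
}

/**
 * Return a redacted copy of $value for the tracer to print.
 * Arrays and objects are walked recursively; whatever sits under a secret
 * key is replaced whole, and the original object is never modified.
 */
function bw_trace_redact( $value, $depth = 0 ) {
	if ( $depth > 32 ) {
		return '[max depth]';
	}
	if ( is_object( $value ) ) {
		// The (array) cast exposes protected/private properties too, which
		// print_r() would otherwise dump. Their keys carry a "\0Class\0" or
		// "\0*\0" prefix; strip it so the output stays readable.
		$props = [];
		foreach ( (array) $value as $key => $item ) {
			$props[ preg_replace( '/^\0[^\0]*\0/', '', $key ) ] = $item;
		}
		$value = $props;
	}
	if ( ! is_array( $value ) ) {
		return $value;
	}
	$clean = [];
	foreach ( $value as $key => $item ) {
		$clean[ $key ] = bw_trace_is_secret_key( $key )
			? BW_TRACE_MASK
			: bw_trace_redact( $item, $depth + 1 );
	}
	return $clean;
}

/**
 * Mask stored password hashes inside free text, e.g. the INSERT INTO wp_users
 * query captured in $wpdb->queries when SAVEQUERIES is on. Assumed formats:
 * phpass ($P$ or $H$ followed by 31 chars) and bcrypt ($2a$/$2b$/$2y$,
 * a two-digit cost, then 53 chars).
 */
function bw_trace_redact_hashes( $text ) {
	$patterns = [
		'/\$[PH]\$[.\/0-9A-Za-z]{31}/',
		'/\$2[aby]\$\d{2}\$[.\/0-9A-Za-z]{53}/',
	];
	return preg_replace( $patterns, BW_TRACE_MASK, $text );
}

// Constructed sample input mirroring the dumps in this issue.
$sample_request = [
	'log'         => 'username',
	'pwd'         => 'password',
	'pass1'       => 'password',
	'pass2'       => 'password',
	'redirect_to' => 'https://s.b/wordpress/wp-admin/',
	'post'        => [ 'post_title' => 'Private', 'post_password' => 'open sesame' ],
];
$sample_query = "INSERT INTO `wp_users` (`user_login`, `user_pass`) "
	. "VALUES ('user', '\$P\$BSXeW6bkh846/3xYHXXXBnPAL10/4b0')";

print_r( bw_trace_redact( $sample_request ) );
echo bw_trace_redact_hashes( $sample_query ), "\n";
```

Redaction happens on a copy, so it can be applied right before the tracer formats a value without affecting the request the plugin goes on to handle. The hash masking only covers saved queries and similar free text; it does not make a web-accessible trace directory safe, which is why option 1 from the first comment is still worth having alongside it.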

Projects: v3.1.0 (To do)
1 participant