
WCF debug logging sensitive information

I am looking into the security implications of having debug logging enabled within WCF, in particular what information it can/will log and whether there are any configurations that can be done to mitigate it.

Say we create a DataContract with a Password property that is part of a WCF operation. I need to know whether the property will be written out in clear text when logging is turned on for requests and responses, and whether a service exception at any of the layers would expose any of this.

Other considerations are whether SSL or message encryption can prevent this logging, and whether there are any special binding configurations, behaviours or hooks that can be used to intercept and possibly clean the logs.

The reason is that the client needs the logs written to disk not to contain their customers' passwords, as less secure people in the company might read them.

Thanks

You have to differentiate between MessageLogging and Tracing. Your sensitive data seems to be part of the message data, so when you turn on message logging, you will see your sensitive data in clear text in your logs.

Tracing, on the other hand, is more about WCF infrastructure events. The content of your messages won't be logged there.

The same goes for exceptions raised by the WCF runtime: they will never contain any message data. By default, exceptions raised to the client contain absolutely no information because of security considerations. You have to explicitly include the data you want to send to the client in an exception case.

I'm not sure how to intercept the logging and tracing, but WCF is by all means very extensible, so I bet there is an extension point to inject your TracingBehavior somewhere into the framework.

I think you should create a custom listener for the PII information tracing. This is a good article on some best practices (section: Logging Sensitive Information), since it appears you are also using a WebHost. I believe that regardless of SSL the PII will be written to the logs, but there are ways to prevent unauthorized access.
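Both answers point at the same mechanism: message logging is what exposes the DataContract payload, and the way to clean it before it reaches disk is a custom trace listener on the `System.ServiceModel.MessageLogging` source. The following is an added example written for this page; it is not code from either answer or from WCF itself. It assumes the secret is serialized as an element with local name `Password`, that the listener is compiled into an assembly called `MyApp` under the namespace `MyApp.Diagnostics`, and that `C:\logs\messages.redacted.log` is writable by the service account. The config fragment is shown as a comment so the whole example is one file.

```csharp
// Added example, not from the original question or answers. Assumptions:
//  - the DataContract emits the secret as an element whose local name is
//    "Password" (any namespace or prefix);
//  - assembly "MyApp", namespace MyApp.Diagnostics, log path below are made up.
//
// app.config / web.config wiring. logMessagesAtServiceLevel="true" records the
// message after transport (SSL) or message security has been removed, so the
// encryption on the wire does not keep plaintext out of this log:
//
// <system.serviceModel>
//   <diagnostics>
//     <messageLogging logEntireMessage="true" logMessagesAtServiceLevel="true"
//                     logMessagesAtTransportLevel="false" logMalformedMessages="true"
//                     maxMessagesToLog="3000" maxSizeOfMessageToLog="65536" />
//   </diagnostics>
// </system.serviceModel>
// <system.diagnostics>
//   <sources>
//     <source name="System.ServiceModel.MessageLogging" switchValue="Information">
//       <listeners>
//         <add name="redacting"
//              type="MyApp.Diagnostics.RedactingMessageLogListener, MyApp"
//              initializeData="C:\logs\messages.redacted.log" />
//       </listeners>
//     </source>
//   </sources>
//   <trace autoflush="true" />
// </system.diagnostics>

using System;
using System.Diagnostics;
using System.IO;
using System.Xml;
using System.Xml.XPath;

namespace MyApp.Diagnostics
{
    public sealed class RedactingMessageLogListener : TraceListener
    {
        private const string Mask = "***REDACTED***";
        private readonly object _sync = new object();
        private readonly string _path;

        // The trace infrastructure passes the initializeData attribute to a
        // public constructor that takes a single string.
        public RedactingMessageLogListener(string initializeData)
        {
            _path = initializeData;
        }

        // WCF hands each MessageLogTraceRecord to the listener through TraceData,
        // normally as an XPathNavigator over the record (headers and, with
        // logEntireMessage="true", the body). Redact before anything is written.
        public override void TraceData(TraceEventCache eventCache, string source,
                                       TraceEventType eventType, int id, object data)
        {
            string xml = data is XPathNavigator nav ? nav.OuterXml : Convert.ToString(data);
            WriteLine(Redact(xml));
        }

        // Masks the text of every element whose local name is Password, in any
        // namespace. A record that is not well-formed XML is dropped rather than
        // written out unredacted.
        public static string Redact(string xml)
        {
            var doc = new XmlDocument { XmlResolver = null }; // no external entity fetches
            try
            {
                doc.LoadXml(xml);
            }
            catch (XmlException)
            {
                return "<RedactedRecord reason=\"unparseable\" />";
            }

            foreach (XmlElement element in doc.SelectNodes("//*[local-name()='Password']"))
            {
                if (!element.IsEmpty)
                {
                    element.InnerText = Mask;
                }
            }
            return doc.OuterXml;
        }

        public override void Write(string message)
        {
            lock (_sync)
            {
                File.AppendAllText(_path, message);
            }
        }

        public override void WriteLine(string message)
        {
            Write(message + Environment.NewLine);
        }
    }
}
```

Two caveats worth checking in your own setup. First, this listener is wired only to the message-logging source; the separate `System.ServiceModel` tracing source carries infrastructure events and is left alone, which matches the distinction drawn in the first answer. Second, WCF's own "known PII" switch (`logKnownPii` on `messageLogging`, gated by `enableLoggingKnownPii` in machine.config) covers fields WCF itself recognises, such as credentials in security headers; a password that is just a property of your DataContract is ordinary body content to WCF, so nothing short of a listener like the one above, or not logging the body at all (`logEntireMessage="false"`), keeps it out of the file.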

Disclaimer: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost, please cite this site's URL or the original address. Questions: yoyou2525@163.com.

Guangdong ICP No. 18138465  © 2020-2024 STACKOOM.COM