Breaking Change T1182871

Core - Sensitive data is removed from log files

What Changed

We modified the structure of records that we output to the audit log so that these records do not contain data that may be sensitive. See the list below for information on what log records are affected.

  1. XPObjectSpace.LockingException - The "ClassName: {0}. ID: {1}." format string is replaced with "ClassName: {0}.".
    Set the LogSensitiveDataSettings.XPObjectSpaceLockingException static field to true to use the old string.

  2. PropertyEditor.OnValueStoring - The "'{0}' property editor: new value is '{1}'" format string is replaced with "'{0}' property editor value changed".
    Set the LogSensitiveDataSettings.PropertyEditorValueStoring static field to true to use the old string.

  3. WinWindowText - The "Window closing: {Form.Text}" and "Window closed: {Form.Text}" format strings are replaced with "Window closing: {View.Id}" and "Window closed: {View.Id}".
    Set the LogSensitiveDataSettings.WinWindowText static field to true to use the old strings.

  4. WinApplication.ProcessCommandLineArguments - The "Command line arguments" record is removed.
    Set the LogSensitiveDataSettings.WinApplicationCommandLineArguments static field to true to use the old record.

  5. FileDataInfo - The "tempDirectory" and "tempFileName" records are removed.
    Set the LogSensitiveDataSettings.FileDataInfo static field to true to use the old record.

  6. LogActionInfo - The "Context.CurrentObject {object.ToString()}" format string is replaced with "Context.CurrentObject {Guid}", or removed when the key is not of the Guid type.
    Set the LogSensitiveDataSettings.LogActionInfo static field to true to use the old string.

  7. ListPropertyEditor.ReadValueCore - The ListView.CollectionSource.List value is replaced with ListView.CollectionSource.List.GetType().Name in the "ListView.CollectionSource.List" record.
    Set the LogSensitiveDataSettings.ListPropertyEditorReadValue static field to true to use the old value.

  8. SettingsStorageOnString.SetContentFromString - The "Error occurs on parsing key-value string: " record is removed.
    Set the LogSensitiveDataSettings.SettingsStorageLogError static field to true to use the old record.

  9. DetailView.CurrentObject - The "CurrentObject {value}" format string is replaced with "CurrentObject {Guid}", or removed when the key is not of the Guid type.
    Set the LogSensitiveDataSettings.DetailViewCurrentObject static field to true to use the old string.

  10. Exception thrown from the ReportStorageBase.GetReportData method - The "Invalid url '{url}'." string is replaced with "Invalid url".
    Set the LogSensitiveDataSettings.ReportInvalidUrl static field to true to use the old string.

  11. Exception thrown from the SecurityModule.ChangePasswordOnLogon method - The UserName value in the "Insufficient permissions to change password for the '{UserName}' user" record is replaced with the user GUID, or with "*****" when the key is not of the Guid type.
    Set the LogSensitiveDataSettings.ChangePasswordOnLogonException static field to true to use the old value.

  12. UserName in AuthenticationException - The UserName value in the "Login failed for '{UserName}'." format string is replaced with "*****".
    Set the LogSensitiveDataSettings.AuthenticationExceptionUserName static field to true to use the old value.

  13. XPObjectSpace.GetObjectKey - The ObjectKey value in the "Cannot convert the '{ObjectKey}' value to the type of the '{objectType}' key property type" format string is replaced with "*****".
    Set the LogSensitiveDataSettings.CannotConvertKeyException static field to true to use the old value.

  14. All text of the ValidationException - All validation exception messages are replaced with "Validation failed".
    Set the LogSensitiveDataSettings.ValidationException static field to true to use the old records.

  15. Exception thrown from the UploadComponentBase.Upload method - The FileName value in the "Cannot upload the selected {FileName} file while another file is uploading." format string is replaced with "*****".
    Set the LogSensitiveDataSettings.UploadFileException static field to true to use the old value.

  16. Exception thrown from the StreamService.GetFileStream method - The "Cannot find object with '{objectKey}' key." format string is replaced with "Cannot find object by a key.".
    Set the LogSensitiveDataSettings.GetFileStreamException static field to true to use the old string.

  17. Exception thrown from the LastAdminController.CheckLastAdmin method - The "Cannot find object with '{objectKey}' key." format string is replaced with "Cannot find object by a key."
    Set the LogSensitiveDataSettings.CheckLastAdminException static field to true to use the old string.

  18. Exception thrown from the AuthenticationActiveDirectory.Authenticate method - The "The username ('{userName}') was already registered within the system" format string is replaced with "A user was already registered within the system".
    Set the LogSensitiveDataSettings.RegisteredUserException static field to true to use the old string.

  19. Exception thrown from the BlazorApplication.OnHandleShortcutProcessingException method - The object key value is removed from the "An error occurs while processing a shortcut: {shortcut.ToString()}" record.
    Set the LogSensitiveDataSettings.RegisteredUserException static field to true to use the old record.

  20. Exception thrown from the LockController.CheckLocking method - All object data and view data are removed from the record for the SimultaneousChangeDataMessage exception.
    Set the LogSensitiveDataSettings.LockingException static field to true to use the old record.

  21. Exception thrown from the XafApplication.CreateViewParameters method - The object key value is removed from the "An error occurs while processing a shortcut: {0}: {shortcut.ToString()}" record.
    Set the LogSensitiveDataSettings.ShortcutProcessingException static field to true to use the old record.

  22. Exception thrown from the ViewShortcutSecurityHelper.GetType method - The object key value is removed from the "An error occurs while processing a shortcut: {0}: {shortcut.ToString()}" record.
    Set the LogSensitiveDataSettings.ShortcutProcessingException static field to true to use the old record.

  23. Exception thrown from the QueryableCollection constructor - The criteria in use is removed from the "The criteria contains properties that are not supported in Queryable mode (Type: {1}, Criteria: \"{0}\")" record.
    Set the LogSensitiveDataSettings.Criteria static field to true to use the old record.

  24. Exception thrown from the CollectionSourceBase.ApplyCriteria method - The criteria in use is removed from the "An error occurs while applying the '{Criteria}' criteria: '{e.message}'" record.
    Set the LogSensitiveDataSettings.Criteria static field to true to use the old record.

  25. Exception thrown from the ObjectHandleHelper.ParseObjectHandle method - The "Invalid handle '{handle}'." format string is replaced with "Invalid handle".
    Set the LogSensitiveDataSettings.InvalidHandleException static field to true to use the old string.

  26. Values in DuplicatedKeyException - Values are removed from the "Item has already been added." record.
    Set the LogSensitiveDataSettings.DuplicatedKeyException static field to true to use the old record.

Reasons for Change

Log files should not contain sensitive data for security reasons.

Impact on Existing Apps

All sensitive data described above will be removed from the application log file.
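
Added example (not DevExpress code): log files written before the upgrade, or with one of the revert switches enabled, still carry the old record formats. The Python sketch below matches several of the old formats quoted in the list above, reports which LogSensitiveDataSettings case each hit corresponds to, and rewrites the record to the redacted text this page gives. The timestamp prefix and the sample lines are constructed; only the message fragments come from this page.

```python
import re

# (LogSensitiveDataSettings field named on this page, old-format pattern,
#  redacted text the page gives). Values are matched greedily so a value that
# itself contains a quote is still removed whole.
RULES = [
    ("AuthenticationExceptionUserName",
     re.compile(r"Login failed for '(?!\*{5}'\.).*'\."),
     "Login failed for '*****'."),
    ("PropertyEditorValueStoring",
     re.compile(r"'([^']*)' property editor: new value is '.*'"),
     r"'\1' property editor value changed"),
    ("ReportInvalidUrl", re.compile(r"Invalid url '.*'\."), "Invalid url"),
    ("InvalidHandleException", re.compile(r"Invalid handle '.*'\."), "Invalid handle"),
    ("GetFileStreamException/CheckLastAdminException",
     re.compile(r"Cannot find object with '.*' key\."),
     "Cannot find object by a key."),
    ("RegisteredUserException",
     re.compile(r"The username \('.*'\) was already registered within the system"),
     "A user was already registered within the system"),
]

def scrub(line):
    """Return (redacted line, list of cases whose old format was found)."""
    hits = []
    for name, pattern, replacement in RULES:
        line, n = pattern.subn(replacement, line)
        if n:
            hits.append(name)
    return line, hits

def scan(lines):
    """Scrub every line; return (per-case hit counts, scrubbed lines)."""
    counts, cleaned = {}, []
    for line in lines:
        new_line, hits = scrub(line)
        cleaned.append(new_line)
        for name in hits:
            counts[name] = counts.get(name, 0) + 1
    return counts, cleaned

# Constructed sample lines; the timestamp prefix is an assumed layout.
SAMPLE = [
    "10.02.24 09:14:03.120 Login failed for 'j.o'neil'.",
    "10.02.24 09:14:05.341 Login failed for '*****'.",
    "10.02.24 09:15:11.002 'Salary' property editor: new value is '84000'",
    "10.02.24 09:15:12.450 'Salary' property editor value changed",
    "10.02.24 09:16:40.877 Invalid handle 'Contact(42)'.",
]

if __name__ == "__main__":
    counts, cleaned = scan(SAMPLE)
    print(counts)
    print("\n".join(cleaned))
```

A non-empty count for a case on logs produced after the upgrade indicates that the corresponding switch, or the global Tracing.LogSensitiveData switch, has been turned back on.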

How to Revert to Previous Behavior

Set the static Tracing.LogSensitiveData to true to enable the previous behavior globally (sensitive data will be written to the log file). Alternatively, assign true to individual static fields of the DevExpress.Persistent.Base.LogSensitiveDataSettings class to enable the previous behavior for a specific case:

Blazor

C#
// YourSolutionName.Blazor.Server/Program.cs
using DevExpress.ExpressApp;
using DevExpress.Persistent.Base;
// ...
public class Program {
    public static int Main(string[] arguments) {
        // Enable the previous behavior globally:
        DevExpress.Persistent.Base.Tracing.LogSensitiveData = true;
        // Enable the previous behavior for a single case:
        // LogSensitiveDataSettings.ValidationException = true;
        // ...
    }
    // ...
}

Web API Service

C#
// YourSolutionName.WebApi/Program.cs
using DevExpress.ExpressApp;
using DevExpress.Persistent.Base;
// ...
public class Program {
    public static int Main(string[] arguments) {
        // Enable the previous behavior globally:
        DevExpress.Persistent.Base.Tracing.LogSensitiveData = true;
        // Enable the previous behavior for a single case:
        // LogSensitiveDataSettings.ValidationException = true;
        // ...
    }
    // ...
}

WinForms

C#
// YourSolutionName.Win/Program.cs
using DevExpress.ExpressApp;
using DevExpress.Persistent.Base;
// ...
public class Program {
    public static int Main(string[] arguments) {
        // Enable the previous behavior globally:
        DevExpress.Persistent.Base.Tracing.LogSensitiveData = true;
        // Enable the previous behavior for a single case:
        // LogSensitiveDataSettings.ValidationException = true;
        // ...
    }
    // ...
}

ASP.NET WebForms

C#
// YourSolutionName.Web/Global.asax.cs
using DevExpress.ExpressApp;
using DevExpress.Persistent.Base;
// ...
public class Global : HttpApplication {
    protected void Application_Start(object sender, EventArgs e) {
        // Enable the previous behavior globally:
        DevExpress.Persistent.Base.Tracing.LogSensitiveData = true;
        // Enable the previous behavior for a single case:
        // LogSensitiveDataSettings.ValidationException = true;
        // ...
    }
    // ...
}
