FTP Mirror (and probably other actions) Logging - obfuscation of passwords

When logging actions that include sensitive data such as passwords, it would be good if there was an option (even if it is in the “export log to file” action), to hide/disguise that sensitive data.

We usually do make an attempt to avoid logging sensitive information. I just did a quick test with an ftp action and didn’t see my password logged, are you able the share more info (privately) such as the actions you are using, the settings, log output etc so we can narrow down exactly where this is happening?

Hi Vincent,

Thanks for getting back so quickly. Time to 'fess up… Reading it again, it’s not the FTP action that is the problem but logging of a ADO dataset iterator. One of the variables holds the password for the FTP site in question

Completed ADO Dataset Iterator For each FTP site that is due to be mirrored 12:55:06 12:55:06 00:00:00

Query reported 1 rows found
Set [FTPServer] to “65.244.240.195”
Set [FTPPort] to “21”
Set [SiteUserName] to “cwtchbox”
Set [Password] to “*******”
Set [RemotePath] to “/”
Set [LocalPath] to “\apu.cowatch.localnet\duftp\incoming\Worldvest_Da”
Set [SiteDescription] to “Worldvest Daily”
Set [FTPSiteID] to “8”
Set [MirroExcludeRegex] to “”

Is it possible to withhold a variable from being logged, or to ensure that when it is loggede the contents are obfuscated (as I have done above)?

On the Set varaiable action, on the Runtime tab, under Logging Properties, click on the button and then select “Supress log messages” - that will take care of part of it, the other thing you will need to do is modify the action Description(on the General tab) as by default the action shows the new value in it’s description.

We are looking at more automatic ways for masking variables in AT6.

BTW, there is another feature which is not well known, Action Output Monitors which also allow you to suppress values from the log

https://www.finalbuilder.com/resources/blogs/finalbuilder-6-output-monitors

That’s perfect. Thank you.