status-mobile/doc/decisions/0007-masking-sensitive-data.md
Siddarth Kumar b074e9c58e
moving security from status-im ns to root utils (#14567)
making a lint a fix

update old decision doc

fixing issues while poorly rebasing

fix incorrect ns imports
2022-12-20 17:56:21 +05:30

42 lines
1.3 KiB
Markdown

# 0007. Masking Sensitive Data
| Date | Tags |
|---|---|
| 2018-05-22 | e.g: architecture, security |
## Status
Proposed
## Context
We have some data that we don't want to appear in the logs (user passwords are
a good example). Currently, they are passed around as strings, that could be
printed out by mistake in a log entry (see https://github.com/status-im/status-mobile/issues/4053)
## Decision
To minimize the risk of leaking passwords through logs, we should not pass
passwords as strings in our codebase. We introduced a new type `MaskedData` in
`status-im.utils.security`.
update (16-Dec-2022) `status-im.utils.security` is now moved over to `utils.security.core`
We use `(security/mask-data <data to hide>` to wrap sensitive data into this
type and then use `(security/unmask <masked-data>)` to get the plaintext back.
It is important to keep that sensitive data masked as much as possible, until
you need the plaintext to pass to the extenral APIs.
Example:
```clojure
(println (security/mask-data "my-plaintext-password")) ;; Outputs "******"
(println (security/unmask (security/mask-data "my-plaintext-password"))) ;; Outputs "my-plaintext-password"
```
## Consequences
Tradeoffs:
- developers need to be aware of this type and have a clear separation where do
we use plaintext and where do we use masked datak