by deallocator 2969 days ago
At work one of our most commonly used libraries prints its connection string (including the plain text password, username and database) in the log files on debug level (which I often see as the configured level). When I pointed it out they told me it was intentional, and that attackers wouldn't go to the log files anyway if they could access the system. I gave up on the discussion at that point
4 comments

I was about to suggest you should've reported that to the CSO, then I realized most probably you don't have one.
Should probably clarify I'm not talking about client passwords being logged; just the credentials required to read just about anything in the database
Maybe you should explain to them that there is a reason why password input is hidden in terminals: to avoid it being kept in ~/.bash_history.

It is exactly the same problem.

There's another argument that might work in GP's case. A fair share of successful attacks were successful not because the attackers actually broke something on their well-guarded target, but because they used credentials obtained from other poorly defended systems.
You should quit. I know you have reasons, but continuing to work at a place like this is not ethical.
Quitting is also slightly unethical.
Fair point. My thoughts were that spending your time building $10 widgets and getting paid $5 by someone who is negligent with their use of people's passwords is akin to working for a company that pollutes public waters: some of your paycheck is "tainted" by the dangers you put others into, and you are smart enough to understand it. In that sense, quitting seems like a non-act, because you stop acting unethically.

I'm guessing you're referring to someone's ability to actually fix it -- in the case of logs, you can make a pretty simple regex to strip out all kinds of PII, and there really are a lot of arguments (e.g. proactively reducing cost of security audits -- if someone is reviewing your logs to figure out what happened, they might not want to see customer data).
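As an added example (not from any commenter in this thread), here is one shape the regex approach above can take: a Python logging filter attached to the handler that masks the password part of connection strings before they reach the log file, so a library that logs its connection string at DEBUG no longer puts the credential on disk. The logger name, the sample connection strings and the `[REDACTED]` marker are constructed for this example.

```python
import io
import logging
import re

# Two common connection-string shapes: URL form and key=value form.
# Only the password component is matched; user and host are kept so the
# log line stays useful for debugging.
URL_CRED = re.compile(r"(://[^/\s:@]+:)([^@\s]+)(@)")
KV_CRED = re.compile(r"(?i)\b(password|pwd)(\s*=\s*)([^;\s]+)")


def redact_secrets(text: str) -> str:
    """Replace the password component of any connection string in text."""
    text = URL_CRED.sub(r"\1[REDACTED]\3", text)
    return KV_CRED.sub(r"\1\2[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Handler-level filter: rewrites the message before it is written.

    Attached to the handler rather than a logger, so every record the
    handler emits passes through it, including records propagated from a
    third-party library's own logger.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_secrets(record.getMessage())
        record.args = ()  # args were already interpolated into msg above
        return True


def log_and_capture(message: str, level: int = logging.DEBUG) -> str:
    """Log one message through a redacting handler and return what was written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s: %(message)s"))
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("example.db.pool")  # hypothetical library logger
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    logger.addHandler(handler)
    logger.log(level, "connecting with %s", message)
    handler.flush()
    logger.removeHandler(handler)
    return stream.getvalue().rstrip("\n")


if __name__ == "__main__":
    # Constructed sample strings, not real credentials.
    print(log_and_capture("postgres://app_user:Sup3rS3cret@db.internal:5432/orders"))
    print(log_and_capture("Server=db.internal;Database=orders;User Id=app;Password=Sup3rS3cret;"))
```

Redaction at the log sink is a safety net for libraries you cannot change; the library itself should still not emit the credential, and the filter only catches the shapes its patterns know about.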

If anything I'd vouch for leaking to a data protection watchdog if nothing gets done about it.
Quitting is not unethical at all. You are not required to stay with any company.
If you can prevent a company from acting unethically and you have the capacity to do so, are you not ethically obligated to try?

(switching sides of argument, I know)