Hacker News new | ask | show | jobs
by thaumasiotes 1805 days ago
It's pretty common; a lot of places have blanket logging and it hasn't occurred to them to disable it for login attempts. It is obviously undesirable.
1 comments
herbst 1805 days ago
Not sure what you mean.

By default nether Apache nor Nginx log any post data. So with the 2 most popular options you actually have to go out of your way to enable this.

On the application side I mostly know Rails and it redacts even password hashes.

link