by Rygian 664 days ago
Remember to not log any sensitive stuff though (credit card number in full, cvv, mag stripe, ongoing payment data, ...) if you like your PCI audits to go smoothly.

I wonder if this code has proper masking in place for logs. The following line is not reassuring:

    slog.Info("received message", "message", fmt.Sprintf("%x", rawMessage))
1 comments

It will dump everything for sure. Here I address this by showing how to filter data properly when displaying it: https://alovak.com/2024/08/15/mastering-iso-8583-messages-wi...

```go
// to make it right, let's filter the value of CVV field when we output it
filterCVV := iso8583.FilterField("8", iso8583.FilterFunc(func(in string, data field.Field) string {
	if len(in) == 0 {
		return in
	}
	return in[0:1] + strings.Repeat("*", len(in)-1)
}))

// don't forget to apply default filter
filters := append(iso8583.DefaultFilters(), filterCVV)

err = iso8583.Describe(requestMessage, os.Stdout, filters...)
require.NoError(t, err)
```
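An added example, not from either commenter or from the iso8583 library: one way to keep card data out of `slog` output is to log parsed fields whose types implement the standard `slog.LogValuer` interface, rather than a hex dump of the raw bytes. The `Auth` struct, its field names and the first-six/last-four masking policy are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"log/slog"
	"strings"
)

// PAN masks itself whenever slog renders it (it implements slog.LogValuer).
type PAN string

func (p PAN) LogValue() slog.Value {
	s := string(p)
	if len(s) < 13 { // too short to be a card number: reveal nothing
		return slog.StringValue(strings.Repeat("*", len(s)))
	}
	return slog.StringValue(s[:6] + strings.Repeat("*", len(s)-10) + s[len(s)-4:])
}

// CVV never reaches a log sink in any form.
type CVV string

func (CVV) LogValue() slog.Value { return slog.StringValue("[REDACTED]") }

// Auth is a hypothetical parsed authorization request (constructed sample type).
type Auth struct {
	MTI string
	PAN PAN
	CVV CVV
}

// LogValue emits the fields as a group; slog resolves the nested LogValuers.
func (a Auth) LogValue() slog.Value {
	return slog.GroupValue(slog.String("mti", a.MTI), slog.Any("pan", a.PAN), slog.Any("cvv", a.CVV))
}

// render logs one message through a text handler and returns the log line.
func render(a Auth) string {
	var buf bytes.Buffer
	slog.New(slog.NewTextHandler(&buf, nil)).Info("received message", "message", a)
	return buf.String()
}

func main() {
	fmt.Print(render(Auth{MTI: "0100", PAN: "4242424242424242", CVV: "987"}))
}
```

Because the masking lives on the types, a later `slog.Info(..., "pan", auth.PAN)` elsewhere in the code base is masked as well; converting the value back to `string` before logging bypasses it.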