by cocoa19 623 days ago
Yes, it’s an advantage if you plan to store plain text, but storing plain text is bad to begin with.

There is no advantage if you use proper security practices like storing a hash and salt.

1 comment

I mean this sounds like a "you'll never have a bug if you just program well" argument.

Whoever created the login system is probably a different person from whoever added the logging system. Perhaps the logging system should've discarded login attempts or masked the credentials, but there's probably a dozen ways to log in, and they'd need to know all of them and possibly ones added in the future.

It seems a bit more practical to have the system send a safer version of a parameter to the server instead.
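
The trade-off discussed in this thread, as an added example that is not part of either comment: a request logger written without knowledge of the login code captures whatever the client sends, and the server still salts and hashes the value it receives. The site identifier, function names, iteration counts and sample credentials are assumptions made for the illustration.

```python
import hashlib, hmac, json, secrets

SITE = "example.test"   # constructed site identifier (assumption)
ITERATIONS = 100_000    # illustrative work factor (assumption)

def client_derive(username: str, password: str) -> str:
    """Client side: derive the value that is sent instead of the raw password."""
    # Deterministic per-site, per-user salt so the client can recompute it.
    salt = f"{SITE}:{username.lower()}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def server_store(credential: str) -> dict:
    """Server side: salt and hash whatever arrives; never store it as received."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}

def server_verify(record: dict, credential: str) -> bool:
    """Recompute the salted hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", credential.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])

def careless_request_log(body: dict) -> str:
    """Stand-in for a logger, added by someone else, that dumps request bodies."""
    return "POST /login body=" + json.dumps(body, sort_keys=True)

def demo() -> dict:
    user, password = "alice", "correct horse battery staple"  # constructed sample
    # Login path 1: raw password in the request body.
    raw_log = careless_request_log({"user": user, "password": password})
    # Login path 2: client sends the derived value.
    sent = client_derive(user, password)
    derived_log = careless_request_log({"user": user, "credential": sent})
    record = server_store(sent)
    return {
        "raw_path_leaks_password": password in raw_log,
        "derived_path_leaks_password": password in derived_log,
        "login_ok": server_verify(record, sent),
        "wrong_password_rejected": not server_verify(record, client_derive(user, "wrong")),
    }

if __name__ == "__main__":
    print(demo())
```

The derived value that lands in the log is still enough to log in to this one site, so the log remains sensitive; what it no longer contains is the password the user may have reused elsewhere.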