DEV Community

Discussion on: Say Goodbye to console.log from Production environment

Collapse
 
mirkosedda profile image
Mirko Sedda

Hi! Why console.logs are a security risk?

Collapse
 
gulshanaggarwal profile image
Gulshan Aggarwal • Edited

Hey, Mirko! thanks for asking the question. Sometimes you need to console your environment variable values to check why it's undefined or not working, this may cause your credentials at risk.

Collapse
 
dannyengelman profile image
Danny Engelman • Edited

Great, now we can label all SSR code as a 'security risk'

Thread Thread
 
gulshanaggarwal profile image
Gulshan Aggarwal

Hey, I didn't mean that

Thread Thread
 
dannyengelman profile image
Danny Engelman

But you said so.

console.log can log everything the user can access in the Inspector.

console.log can only print unwanted credentials when the back-end provided them, there for you imply everything coming from the back-end is a security risk.

Or saying console.log is a security risk is just stupid.

Thread Thread
 
gulshanaggarwal profile image
Gulshan Aggarwal

I strongly disagree. I didn't mean that at all. Here I just mentioned a situation ,how a user can put his/her credentials on risk.

Collapse
 
mirkosedda profile image
Mirko Sedda

Interesting 😊 thats the only thing that always worked for me 😂

Thread Thread
 
gulshanaggarwal profile image
Gulshan Aggarwal

😂

Collapse
 
visualjeff profile image
Jeff

Maybe for performance reasons? Like it runs on the main thread in the browser...

Collapse
 
gulshanaggarwal profile image
Gulshan Aggarwal

Performance may be a reason 🙄