When the Meteor application starts it reads the environment variable METEOR_SETTINGS. If that exists but isn't valid JSON the app will log the content of METEOR_SETTINGS to the console. In many production systems logs from the application will be forwarded to various logging systems, sometimes third party ones. All credentials in your settings will be leaked if you have any errors in your json.
Use an environment variable to decide if you want to log the entire content of METEOR_SETTINGS, or just log the error message "METEOR_SETTINGS are not valid JSON", without the actual settings. If it defaults to logging the settings it will be backwards compatible (although I think the default should gravitate towards security, I'd rather see this implemented quickly, so no breaking changes is probably better).
The only alternatives I can see as of now is to use another program to validate the JSON before the app starts. This is fairly annoying, especially when using docker since that would expect the app to run as PID 1. One could also parse the logs and only forward logs that aren't settings, but that's just... hard.
Minor changes here would do it.
Good point @datacarl. I'm all for keeping this simple and just changing
throw new Error("METEOR_SETTINGS are not valid JSON: " + process.env.METEOR_SETTINGS);
to
throw new Error("METEOR_SETTINGS are not valid JSON.");
Dumping process.env.METEOR_SETTINGS doesn't really add much value. pull-requests-encouraged - thanks!
Great, will submit a PR!
Landed via https://github.com/meteor/meteor/commit/b6a385dfb2bc1e565bb5c0f5ddf6cdc5796a95df in meteor/meteor#9843. Thanks @datacarl!
I expect this will surface in Meteor 1.7.
Most helpful comment
Landed via https://github.com/meteor/meteor/commit/b6a385dfb2bc1e565bb5c0f5ddf6cdc5796a95df in meteor/meteor#9843. Thanks @datacarl!
I expect this will surface in Meteor 1.7.