With the release of our CSS Framework, Platform UI, it might be fun to actually build something with it! At RitterIM, we have an interna...
CSS Frameworks Static SitesIt’s been a few years, several great people, an awesome company, and a cool thing we made 😀 Once upon a time, we had a mixed bag of fram...
CSS Frameworks RIMdevI’m a huge fan of animation on the web, especially when it comes to user interaction. A simple way to include such a thing on webpages is...
CSS SCSS JavaScript UI/UX frontendI dedicate this blog post to all the QA testers that expose all the flaws in my code. For a few years now I thought I had it all figured...
CSS SCSS Mobile UX UI/UX frontendOne of the perks being with Ritter, and on the dev team, is you can choose the hardware that makes you happy and productive! Team members...
macOS RIMdevAs a technical writer, I create software documentation. But many times, I find myself looking at in-product copy and wondering about cont...
Documentation Technical writing UX writing Content designDocs and contextual help We recently started a push towards integrating Docs content into our software platform. The goal is to pull in...
Documentation Hugo XML RSSHave you ever wanted to change the value of a Sass variable based on screen size, a state, or for any other reason that might require cha...
css SassEver been confused about naming a branch with Git? Looking for a good naming convention? Well, I might have an answer for you. I’m not sa...
GitHubWe often use GitHub to create a compare view, and list pull requests (PRs) for releases. However, GitHub limits the number of commits you...
Documentation GitHub GitUsing our Hugo-based documentation site, we typically publish release notes once per week. My usual process includes the following: M...
Documentation Hugo ArchetypesAs someone who basically gets by when it comes to writing Javascript, I tend to look at things from a “I bet I could do this with CSS” st...
CSS SCSS Mobile UX UI/UX frontendThis is an updated post of the original here. Whether you’re new to the frontend at RIMdev or looking for more about our Frontend team...
Team RIMdev FrontendIf you’ve ever worked in Azure Data Studio, you may find tab colors very useful. They allow you to visually separate different connectio...
Documentation Azure Data StudioIf you’re not familiar with Platform UI, it’s a utility rich CSS framework we created. As we look to migrate all of our apps and static ...
UI UX CSS SassGet ready to celebrate because, as of Friday, September 18, 2020, Evan You, creator of Vue.js, announced Vue 3 is officially released. He...
vue3 frontend developmentTypically with ASP.NET Core 3.1 when no specific authorization requirements are set all endpoints are publicly accessible. When you’re wo...
asp.net coreIf you have used slots in Vue, you know that it provides a clean way to vary content that is displayed in child components. For example, ...
VueJS Slots Scoped Slots JavaScriptWe’ve been using Swagger via Swashbuckle for some time with our ASP.NET Full Framework applications. As we’re moving toward ASP.NET Core ...
asp.net coreWe’ve spotted some strange behavior before with ASP.NET Core and JSON serialization/deserialization, and I eventually made it back to try...
asp.net coreWe use Microsoft Azure Application Insights in our web applications. It logs tons of useful data about our applications, including web requests and requests to dependencies like databases. We also use Elasticsearch communicating over HTTPS. When an Elasticsearch url contains a password (https://user:[email protected]) we found it is logged to Application Insights in cleartext.
That said, here’s how to redact the password from any urls containing passwords:
Here’s an ITelemetryProcessor implementation that redacts passwords from HTTP and HTTPS urls.
using Microsoft.ApplicationInsights.Channel;
using Microsoft.ApplicationInsights.DataContracts;
using Microsoft.ApplicationInsights.Extensibility;
using System.Text.RegularExpressions;
namespace WebApplication
{
public class RemoveHttpUrlPasswordsTelemetry : ITelemetryProcessor
{
private static readonly Regex removePasswordRegex =
new Regex(@"http(s)?:\/\/.+:(?<password>.+)@", RegexOptions.IgnoreCase | RegexOptions.Compiled);
private readonly ITelemetryProcessor next;
public RemoveHttpUrlPasswordsTelemetry(ITelemetryProcessor next)
{
this.next = next;
}
public void Process(ITelemetry item)
{
var request = item as DependencyTelemetry;
if (request != null && request.Type == "Http")
{
#pragma warning disable CS0618 // Type or member is obsolete
request.CommandName = RemovePasswordFromUrl(request.CommandName);
#pragma warning restore CS0618 // Type or member is obsolete
request.Data = RemovePasswordFromUrl(request.Data);
}
next.Process(item);
}
private static string RemovePasswordFromUrl(string url)
{
var match = removePasswordRegex.Match(url).Groups["password"];
if (match.Success)
{
url = url.Replace(match.Value, "REDACTED");
}
return url;
}
}
}
Next, use the RemoveHttpUrlPasswordsTelemetry class with Application Insights. There’s ASP.NET and ASP.NET Core examples at https://docs.microsoft.com/en-us/azure/azure-monitor/app/api-filtering-sampling#filtering-itelemetryprocessor.
This can help raise your security by not storing passwords in logs!
