
How a Python exception handler silently leaked tenant secrets to production logs


A production incident exposed tenant configuration secrets in plain text logs after a sensitive config object was interpolated into an exception message string. The root cause was not the 'raise e' statement itself, but the fact that Python frameworks like dataclasses and Pydantic auto-generate detailed __repr__ outputs that include all fields, including API keys and tokens. When the config object was embedded in an f-string error message, its full repr was baked into the exception before any logging occurred. A code path change introduced by a new feature deployment connected three pre-existing conditions — a sensitive object in scope, string interpolation into exceptions, and exception-capturing logging — for the first time. The incident went undetected for two days, highlighting how such leaks can remain dormant until the right runtime conditions align.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.
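The leak mechanism described above, and the three counter-measures a defender would reach for, as an added example that is not code from the original article or from the ShortSingh summary. The class and function names (TenantConfigLeaky, TenantConfigSafe, connect, run_and_log), the SAMPLE_KEY value, and the minimal SecretStr wrapper are constructed for this demo; SecretStr only mirrors the idea behind pydantic's SecretStr so the script runs with no third-party dependencies.

```python
"""Added example: how a generated __repr__ turns an f-string exception message
into a secret leak, and three defensive counter-measures (constructed demo)."""
from dataclasses import dataclass, field
import logging

SAMPLE_KEY = "sk_CONSTRUCTED_EXAMPLE_KEY_123"  # constructed value, not a real key


@dataclass
class TenantConfigLeaky:
    """Every field lands in the auto-generated __repr__, secrets included."""
    tenant_id: str
    api_key: str
    region: str


@dataclass
class TenantConfigSafe:
    """Fix 1: the secret field is excluded from the generated __repr__."""
    tenant_id: str
    api_key: str = field(repr=False)
    region: str = "eu-west-1"


class SecretStr:
    """Fix 2: a wrapper whose repr never reveals the value (same idea as
    pydantic.SecretStr, reimplemented here so the demo has no dependencies)."""
    def __init__(self, value: str) -> None:
        self._value = value

    def get_secret_value(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "SecretStr('**********')"

    __str__ = __repr__


class SecretRedactingFilter(logging.Filter):
    """Fix 3 (last line of defence): scrub known secret values out of every
    record before a handler renders it, catching leaks the code path missed."""
    def __init__(self, secrets) -> None:
        super().__init__()
        self._secrets = [s for s in secrets if s]

    def filter(self, record: logging.LogRecord) -> bool:
        rendered = record.getMessage()
        for secret in self._secrets:
            rendered = rendered.replace(secret, "[REDACTED]")
        record.msg, record.args = rendered, ()
        return True


class _CaptureHandler(logging.Handler):
    """Collects formatted log lines so the demo can inspect what was written."""
    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def connect(config) -> None:
    """Simulated downstream failure: the whole config object is interpolated
    into the exception message, so its repr is baked in before any logging."""
    raise RuntimeError(f"failed to connect with config {config!r}")


def run_and_log(config, redact_secrets=()) -> str:
    """Run connect() under an exception-capturing handler and return the line
    that reached the log, i.e. what anyone reading the logs would see."""
    log = logging.Logger("tenant-demo")  # fresh instance, nothing propagates
    capture = _CaptureHandler()
    if redact_secrets:
        capture.addFilter(SecretRedactingFilter(redact_secrets))
    log.addHandler(capture)
    try:
        connect(config)
    except RuntimeError as e:
        log.error("tenant setup failed: %s", e)  # the incident's code path
    return capture.lines[0]


def leaky_message() -> str:
    return run_and_log(TenantConfigLeaky("acme", SAMPLE_KEY, "eu-west-1"))


def repr_false_message() -> str:
    return run_and_log(TenantConfigSafe("acme", SAMPLE_KEY, "eu-west-1"))


def wrapped_message() -> str:
    return run_and_log(TenantConfigLeaky("acme", SecretStr(SAMPLE_KEY), "eu-west-1"))


def redacted_message() -> str:
    return run_and_log(TenantConfigLeaky("acme", SAMPLE_KEY, "eu-west-1"),
                       redact_secrets=[SAMPLE_KEY])


if __name__ == "__main__":
    for name, fn in [("leaky", leaky_message), ("repr=False", repr_false_message),
                     ("SecretStr", wrapped_message), ("redacting filter", redacted_message)]:
        line = fn()
        print(f"{name:16s} leaked={SAMPLE_KEY in line}: {line}")
```

Only the first variant writes the key to the log. `field(repr=False)` and a secret wrapper type fix the object at its source, which is the durable remedy; the redacting filter is a safety net for the code paths nobody has audited yet, and it only works for secrets that are registered with it, so it complements rather than replaces the first two.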


