Logging and Developer Mode
When running
CUE User Manager
in production, developerMode
must
not be set to true
. If you run
CUE User Manager
in developer mode with DEBUG
logging selected,
CUE User Manager
logs curl
commands to represent what it is doing
behind the scenes. These curl
statements contain
complete access tokens and anyone with read access to the server logs
can therefore make requests to the IAM system on behalf of any user.