cayenne-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Gentry <blackn...@gmail.com>
Subject Sensitive Logging
Date Wed, 19 Jul 2017 12:28:00 GMT
Right now, everything is logged.  It would be useful to be able to
configure certain column values to not be logged, especially in a
production environment.  The main use case for this would be PII
(Personally Identifiable Information -- passwords, birthdays, social
security numbers, etc).  Arguably, that information should be
hashed/encrypted, but it is still not something you'd want leaked into a
log file.  Whenever a value isn't to be logged, put "[skipped]" in the log
output.

I think it should work something like this:

DataMap:

Add a "Sensitive Logging" checkbox.  Perhaps right under the "Optimistic
Logging" checkbox.  Default = ON.


DbEntity / Entity Tab:

Add a "Sensitive Logging" checkbox (basically mirroring the ObjEntity
"Optimistic Logging" checkbox).  Default = ON.


DbEntity / Attributes Tab:

Add a "Sensitive Logging" checkbox column (beside PK and Mandatory).
Default = OFF.  (OFF means log the value normally.  ON means conditionally
log per behavior below).


Upgrading older models:

Default DataMap and DbEntity to ON.  Leave DbEntity attributes OFF.


Behavior:

skipped =
    DataMap.ON &&
    DbEntity.Entity.ON &&
    DbEntity.Entity.Attribute.ON &&
    Log.Level > DEBUG

if skipped
    log [skipped]
else
    log value


In a production environment, log levels are typically
INFO/WARN/ERROR/FATAL, so factor that into the skipping equation. When
developing, log levels are typically DEBUG/TRACE, and in that case, log the
value.

Also, given that all of the above can be changed at run-time, it allows
flexibility in a production environment to turn the sensitive logging
on/off through admin interfaces should the need arise.

Thoughts?

Thanks,

mrg

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message