commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "D Green (JIRA)" <j...@apache.org>
Subject [jira] [Created] (LANG-945) ToStringBuilder can expose passwords and other sensitive data in logs
Date Tue, 07 Jan 2014 10:58:52 GMT
D Green created LANG-945:
----------------------------

             Summary: ToStringBuilder can expose passwords and other sensitive data in logs
                 Key: LANG-945
                 URL: https://issues.apache.org/jira/browse/LANG-945
             Project: Commons Lang
          Issue Type: New Feature
          Components: lang.builder.*
            Reporter: D Green


We just noticed ToStringBuilder was exposing passwords in our logs - would be nice to have
a way of either ignoring or obfiscating the value of fields either by passing in a vararg
to the builder or having an annotation to do this.

Also, 'password' could possibly always be obfiscated by default?





--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message