commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LANG-1400) StringUtils: Add method for masking strings
Date Mon, 25 Jun 2018 20:02:00 GMT

    [ https://issues.apache.org/jira/browse/LANG-1400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16522744#comment-16522744
] 

ASF GitHub Bot commented on LANG-1400:
--------------------------------------

Github user stokito commented on the issue:

    https://github.com/apache/commons-lang/pull/335
  
    Hi @greenman18523 
    > would you consider an extra parameter, to clearly specify the minimum number of masked
characters?
    For those use cases which I mentioned (masking credit cards and passwords) this looks
not needed for me. Maybe you know some cases when this may be needed?
    
    As I understood you are telling about more safety and do not unmask any symbol if incoming
string is too short while implementation which I proposed will try to show at least some symbols
from start.
    For example `mask("123456", 4, 4) = "12****"` which makes hidden symbols more guessable.
    But, to be honest, if someone uses so short password then it doesn't matter if it will
be shown.
    
    Another solution in this case we can mask everything when str len is 6 < unmaskendStart
4 + unmaskedEnd 4. I.e.  `mask("123456", 4, 4) = "******"`. This is easier to understood but
in the same time it still may be useful to unmask at least something but I don't think it's
so critical.
    What do you think about this proposition? E.g. 
    ```
    mask("12345678", 4, 4) = "********"
    mask("123456789", 4, 4) = "****5****"
    mask("1234567890", 4, 4) = "****56****"
    ```
    
    I hope that `unmaskedStart` and `unmaskedEnd` in real life will be always reasonable (1-6)
and the incoming string will be always bigger. We can actually restrict passing strings less
that some length  and throw an exception. 
    But from possible use cases it looks that `mask()` function should be failsafe because
it may be used just for logging of external input which can be anything and we shouldn't break
it's processing. I even think about returning an empty string if null was passed.
    
    Also we have to think about performance because I expect that the function will be widely
used for in logging filters for any incoming request.


> StringUtils: Add method for masking strings
> -------------------------------------------
>
>                 Key: LANG-1400
>                 URL: https://issues.apache.org/jira/browse/LANG-1400
>             Project: Commons Lang
>          Issue Type: Improvement
>          Components: lang.*
>            Reporter: Sergey Ponomarev
>            Priority: Minor
>
> It would be great to have a function which allows to mask the original str by replacing
it's
> characters with the specified character-mask. For eaxmple to mask credit card:
> {code}
> mask("3566002020360505", 4, 4, '*') = "3566********0505"
> {code}
> Thus the number was hidden by asterisks while first and last four digits are unmasked
and seen.
> Common use case is to hide sensitive information from logs, by using it in toString()
of classes or in inputs to log calls.
> I think this is "must have" functionality for Commons Lang library because from my experience
in almost all bit projects what I saw was their home grown masking function.
> I think this is very important also because this is required for masking credit card
numbers by PCI compliance. Also new GDPR rules requires to hide personal info as much as possible
so masking of First and Last names now is required by laws.
> To make the world safer place the utility for masking should be already existing in platform
to avoid situations when developer think  "this is better to mask but I don't have enough
time now so let's do this latter" until leak happens.
> IMHO this should be implemented even in `String` class itself.
> From my experience what I saw was usually few masking usages and styles:
> 1. masking of passwords and names: only first and last symbols are shown, mask char is
`*`
> 2. masking of credit cards: only first and last 4 or 6 symbols are shown, mask char is
`*`.
> 3. credit card number shortest masking of last symbols i.e. `mask("4242424242424242")
== " *4242"` but it's not so often used, I just wanted to mention.
> 4. not masking but showing a length just so see that value was passed. This can be easily
achieved by usual `String.legth()` method.
> There is already some pull request [https://github.com/apache/commons-lang/pull/332]
but I decided to create the ticket because we also need to support masking for ToStringBuilder
and I would like to propose [PR with my own implementation of mask() function|https://github.com/apache/commons-lang/pull/335].
> If you accept my PR then I'll send another one with a new annotation @ToStringMasked
in accordance to [@ToStringExclude|https://commons.apache.org/proper/commons-lang/apidocs/org/apache/commons/lang3/builder/ToStringExclude.html]
which will mark that fields should be masked. Possible usage I see like:
> {code}
> @ToStringMasked(unmaskedStart = 4, unmaskedEnd = 4) 
> String creditCardNumber;
> @ToStringMasked(unmaskedStart = 1, unmaskedEnd = 1) 
> String password;
> {code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message