commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From greenman18523 <...@git.apache.org>
Subject [GitHub] commons-lang issue #335: LANG-1400: Add StringUtils.mask() function
Date Sun, 01 Jul 2018 21:09:46 GMT
Github user greenman18523 commented on the issue:

    https://github.com/apache/commons-lang/pull/335
  
    > Just to clarify: maskedStart from this PR corresponds to minMasked from #332 but
the discussion is about adding a maxUnmasked, right?
    
    I don't see a ``maskedStart`` parameters, these are the parameters I see in this PR: ``final
String str, int unmaskedStart, int unmaskedEnd, final char mask``
    If you are referring to ``unmaskedStart``, then this is a parameter with a dual, non-obvious
role, which is not good. There should be different parameters for different roles. If I a
missing something from this PR, please elaborate.
    
    > > some messages are short and contain one time passwords
    
    > it doesn't need for a masking at all. Short term generated values, OTPs and tokens
like OAuth access_token (but not refresh_token) are safe to write to logs. If hacker stole
logs we will have nothing to do with the data.
    
    No, you must not write any sensitive data, even if they are valid for half a nanosecond.
Every tiny info a 3rd party gains gives them more leverage on how to further proceed. Hackers
don't always steal old logs, they can live monitor your logs also! For OTPs, there should
be different endpoints where logging of messages is disabled. But, just in case something
like that goes through the main channels. 30 is a best-effort estimation, based on the currently
seen patterns for OTPs.
    
    >  a new parameter maxUnmasked may be not so useful in real life but confusing.
    
    I am referring to a ``minMasked`` parameter, which by it's name states it's purpose. Which
is the absolute minimum number of characters that must be masked.


---

Mime
View raw message