logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Terry Mah <tandt...@yahoo.com>
Subject Re: Password obfuscation
Date Tue, 18 May 2010 19:31:10 GMT
Hello,
Thanks for your suggestion.  I agree one way to encypt the fields is on the incoming request. 
That way if we output the request to log, then fields would already be encrypted.  The issue
is that the requests are coming from a third party and they have already stated that they
do not want to encrypt the fields.  We are using SSL so their already is a level of encryption
at the transport layer and they do not want to have to encrypt individual fields within the
request.

Thanks,

Terry




----- Original Message ----
From: Nikolas Nikou <nikoniko@telehorizon.com>
To: Log4J Developers List <log4j-dev@logging.apache.org>
Sent: Tue, May 18, 2010 1:18:54 PM
Subject: Re: Password obfuscation

Hi Terry,
I don't know how your system works but here is an idea,
why don't you encrypt sensitive information over the net?
Nikolas

στις 18/5/2010 5:39 μμ, O/H Terry Mah έγραψε:
> Hello,
> I do not have any experience in development within log4j, but I am wondering if you could
point me in the right direction.  Currently we are using jetty and axis2 for our SOAP server.
>
> We have a need to NOT log any information if it is a password or account ID.  Since
log4j is mostly used for SOAP requests all passwords and account ID's should follow a basic
set of rules.  (i.e. contained within a SOAP envelope, XML, etc).
>
> Is there a feasible solution where I code alter the log4j code such that I don't have
to modify any other 3rd party app to achieve my goal?
>
> Thanks for the assistance.
>
> Terry
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
> For additional commands, e-mail: log4j-dev-help@logging.apache.org
>
>
>    


      

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org


Mime
View raw message