logging-log4j-dev mailing list archives

From Bender Heri <hben...@ergonomics.ch>
Subject RE: Password obfuscation
Date Wed, 19 May 2010 08:07:15 GMT
If you have full rights over your logger configuration you can either write your own Renderer(s)
which filter out the sensitive information within one log statement, or you apply a self-written
Filter in order to block the log statement entirely if it contains sensitive information.
Heri

> -----Original Message-----
> From: Terry Mah [mailto:tandtmah@yahoo.com]
> Sent: Tuesday, May 18, 2010 9:31 PM
> To: Nikolas Nikou; Log4J Developers List
> Subject: Re: Password obfuscation
> 
> Hello,
> Thanks for your suggestion.  I agree one way to encrypt the fields is on the incoming request.  That
> way if we output the request to log, then fields would already be encrypted.  The issue is that the
> requests are coming from a third party and they have already stated that they do not want to encrypt
> the fields.  We are using SSL so there already is a level of encryption at the transport layer and
> they do not want to have to encrypt individual fields within the request.
> 
> Thanks,
> 
> Terry
> 
> ----- Original Message ----
> From: Nikolas Nikou <nikoniko@telehorizon.com>
> To: Log4J Developers List <log4j-dev@logging.apache.org>
> Sent: Tue, May 18, 2010 1:18:54 PM
> Subject: Re: Password obfuscation
> 
> Hi Terry,
> I don't know how your system works but here is an idea,
> why don't you encrypt sensitive information over the net?
> Nikolas
> 
> On 18/5/2010 5:39 PM, Terry Mah wrote:
> > Hello,
> > I do not have any experience in development within log4j, but I am wondering if you could point me
> > in the right direction.  Currently we are using jetty and axis2 for our SOAP server.
> >
> > We have a need to NOT log any information if it is a password or account ID.  Since log4j is mostly
> > used for SOAP requests all passwords and account IDs should follow a basic set of rules.  (i.e.
> > contained within a SOAP envelope, XML, etc).
> >
> > Is there a feasible solution where I could alter the log4j code such that I don't have to modify any
> > other 3rd party app to achieve my goal?
> >
> > Thanks for the assistance.
> >
> > Terry


---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org
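
The Filter option from the reply at the top of this message, as an added example that is not code from the thread or from the log4j project: a log4j 1.2 `Filter` that denies any event whose rendered message contains a password or account ID element. The element names `password` and `accountId` and the sample messages are assumptions; a Filter is shown rather than a Renderer because log4j 1.2 applies renderers only to non-String message objects.

```java
import java.util.regex.Pattern;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.Filter;
import org.apache.log4j.spi.LoggingEvent;

/** Added example: drops any event whose message carries a sensitive XML element. */
public class SensitiveFieldFilter extends Filter {
    // Assumed element names; replace with the ones in the real SOAP schema.
    // Matches <password>, <ns:Password ...> and <accountId>, case-insensitively.
    private static final Pattern SENSITIVE = Pattern.compile(
        "<\\s*(?:[\\w.-]+:)?(?:password|accountId)\\b[^>]*>",
        Pattern.CASE_INSENSITIVE);

    @Override
    public int decide(LoggingEvent event) {
        // Only the message text is inspected here, not an attached Throwable.
        String msg = event.getRenderedMessage();
        if (msg != null && SENSITIVE.matcher(msg).find()) {
            return Filter.DENY;      // block the whole log statement
        }
        return Filter.NEUTRAL;       // let later filters in the chain decide
    }

    public static void main(String[] args) {
        Logger log = Logger.getLogger("demo");
        Filter f = new SensitiveFieldFilter();
        // Constructed sample messages, not captured traffic.
        String[] samples = {
            "<soapenv:Body><login><user>bob</user>"
                + "<ns:Password>x</ns:Password></login></soapenv:Body>",
            "<soapenv:Body><getQuote><symbol>ASF</symbol></getQuote></soapenv:Body>"
        };
        for (String s : samples) {
            LoggingEvent ev =
                new LoggingEvent(Logger.class.getName(), log, Level.INFO, s, null);
            String verdict = f.decide(ev) == Filter.DENY ? "DENY    " : "NEUTRAL ";
            System.out.println(verdict + s);
        }
    }
}
```

Attach it to every appender that can receive SOAP traffic, either with `appender.addFilter(new SensitiveFieldFilter())` or with a `<filter class="SensitiveFieldFilter"/>` element inside the `<appender>` in log4j.xml.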

