Return-Path: Delivered-To: apmail-logging-log4j-dev-archive@www.apache.org Received: (qmail 2340 invoked from network); 19 May 2010 08:07:55 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 19 May 2010 08:07:55 -0000 Received: (qmail 68632 invoked by uid 500); 19 May 2010 08:07:55 -0000 Delivered-To: apmail-logging-log4j-dev-archive@logging.apache.org Received: (qmail 68505 invoked by uid 500); 19 May 2010 08:07:53 -0000 Mailing-List: contact log4j-dev-help@logging.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Log4J Developers List" Reply-To: "Log4J Developers List" Delivered-To: mailing list log4j-dev@logging.apache.org Received: (qmail 68497 invoked by uid 99); 19 May 2010 08:07:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 May 2010 08:07:53 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=10.0 tests=AWL,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of hbender@ergonomics.ch designates 195.112.81.56 as permitted sender) Received: from [195.112.81.56] (HELO smtp.ergonomics.ch) (195.112.81.56) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 May 2010 08:07:47 +0000 Received: from localhost (localhost [127.0.0.1]) by smtp.ergonomics.ch (Postfix) with ESMTP id 3A1C6200B4 for ; Wed, 19 May 2010 10:07:43 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ergonomics.ch Received: from smtp.ergonomics.ch ([127.0.0.1]) by localhost (ergonomics.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XCk5eRjRidr4 for ; Wed, 19 May 2010 10:07:34 +0200 (CEST) Received: from mars.bahamas.ergo (mars.bahamas.ergo [192.168.0.14]) by smtp.ergonomics.ch (Postfix) with ESMTP id 4DBC220166 for ; Wed, 19 May 2010 10:07:34 +0200 (CEST) Received: from mars.bahamas.ergo ([192.168.0.14]) by mars.bahamas.ergo ([192.168.0.14]) with mapi; Wed, 19 May 2010 10:07:17 +0200 From: Bender Heri To: 'Log4J Developers List' Date: Wed, 19 May 2010 10:07:15 +0200 Subject: RE: Password obfuscation Thread-Topic: Password obfuscation Thread-Index: Acr2wMQw23sIkia5SL61S1zPAgjkXQAaS+Ow Message-ID: <9136AE131D290D4B8E66FF863C1F6923884D90E912@mars.bahamas.ergo> References: <860768.49745.qm@web110315.mail.gq1.yahoo.com> <4BF2E81E.1060808@telehorizon.com> <147561.55826.qm@web110315.mail.gq1.yahoo.com> In-Reply-To: <147561.55826.qm@web110315.mail.gq1.yahoo.com> Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: de-DE, en-US Content-Type: text/plain; charset="iso-8859-7" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 If you have full rights about your logger configuration you can either writ= e your own Renderer(s) which filters out the sensitive information within o= ne log statement, or you apply a self written Filter in order to block the = log statement entirely if it contains sensitive information. Heri > -----Original Message----- > From: Terry Mah [mailto:tandtmah@yahoo.com] > Sent: Tuesday, May 18, 2010 9:31 PM > To: Nikolas Nikou; Log4J Developers List > Subject: Re: Password obfuscation >=20 > Hello, > Thanks for your suggestion.=A0 I agree one way to encypt the fields is=A0= on the incoming request.=A0 That > way if we output the request to log, then fields would already be encrypt= ed.=A0 The issue is that the > requests are coming from a third party and they have already stated that = they do not want to encrypt > the fields.=A0 We are using SSL so their already is a level of encryption= at the transport layer and > they do not want to have to encrypt individual fields within the request. >=20 > Thanks, >=20 > Terry >=20 >=20 >=20 >=20 > ----- Original Message ---- > From: Nikolas Nikou > To: Log4J Developers List > Sent: Tue, May 18, 2010 1:18:54 PM > Subject: Re: Password obfuscation >=20 > Hi Terry, > I don't know how your system works but here is an idea, > why don't you encrypt sensitive information over the net? > Nikolas >=20 > =F3=F4=E9=F2 18/5/2010 5:39 =EC=EC, O/H Terry Mah =DD=E3=F1=E1=F8=E5: > > Hello, > > I do not have any experience in development within log4j, but I am wond= ering if you could point me > in the right direction.=A0 Currently we are using jetty and axis2 for our= SOAP server. > > > > We have a need to NOT log any information if it is a password or accoun= t ID.=A0 Since log4j is mostly > used for SOAP requests all passwords and account ID's should follow a bas= ic set of rules.=A0 (i.e. > contained within a SOAP envelope, XML, etc). > > > > Is there a feasible solution where I code alter the log4j code such tha= t I don't have to modify any > other 3rd party app to achieve my goal? > > > > Thanks for the assistance. > > > > Terry > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org > > For additional commands, e-mail: log4j-dev-help@logging.apache.org > > > > > > >=20 >=20 >=20 >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org > For additional commands, e-mail: log4j-dev-help@logging.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org For additional commands, e-mail: log4j-dev-help@logging.apache.org