logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saibabu Vallurupalli <saibabu.vallurupa...@gmail.com>
Subject Re: software does not neutralize output that is logged
Date Tue, 21 Jan 2014 22:27:04 GMT
First of all Thanks so much for you all for the quickest response for this
posting. I am thinking of writing a wrapper class and update the source,
but we have about 2400 Java classes in the application which needs to be
updated and are using log4j logger. I am trying to explore the option to
avoid modifying all these classes with some kind of ingestion. Any
suggestions around will be greatly appreciated.

Thank you,
Sai



On Tue, Jan 21, 2014 at 5:20 PM, Paul Benedict <pbenedict@apache.org> wrote:

> This is not an unusual requirement. I've been at a company that tries to
> scrub log files from certain patterns (like SSN #s). Can that be done in
> log4j? I don't know. It would be interesting to know if 2.0 had some sort
> of filtering capability. Remko? Gary? Ralph?
>
>
> On Tue, Jan 21, 2014 at 4:16 PM, Saibabu Vallurupalli <
> saibabu.vallurupalli@gmail.com> wrote:
>
>> So, we wanted to inspect the message which is getting logged out to avoid
>> possible security issues. So, what exactly I am looking is If I wanted to
>> add a restriction on whats been logged. How can I achieve this?
>>
>> For example: log.info("user name"+username+"Password"+password); // This
>> is just an example if I see a message having password do not log it or take
>> some action.
>>
>> Please advise.
>>
>> Thank you,
>> Sai
>>
>>
>> On Tue, Jan 21, 2014 at 5:12 PM, Remko Popma <remko.popma@gmail.com>wrote:
>>
>>> Sorry, but I have no idea what you mean by "neutralize out".
>>> What is currently happening and what would you like to happen instead?
>>>
>>> Sent from my iPhone
>>>
>>> > On 2014/01/22, at 6:29, Saibabu Vallurupalli <
>>> saibabu.vallurupalli@gmail.com> wrote:
>>> >
>>> > Hi,
>>> >
>>> > I am working on an issue related to logging. I our application we are
>>> using log4j for logging and we detected our software doesn't neutralize out
>>> properly. Now, Is there any way without modifying the entire source by
>>> going through each and every class we can achieve this functionality of
>>> inspecting the message getting logged and take appropriate action.
>>> >
>>> > We appreciate your support.
>>> >
>>> > Thank you,
>>> > Sai
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
>>> For additional commands, e-mail: log4j-dev-help@logging.apache.org
>>>
>>>
>>
>
>
> --
> Cheers,
> Paul
>

Mime
View raw message