tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard M. Lewis Ship (JIRA)" <j...@apache.org>
Subject [jira] Commented: (TAP5-177) Method logging code should recognize an @Password annotation and obscure the output written to the log
Date Wed, 06 Jan 2010 21:42:56 GMT

    [ https://issues.apache.org/jira/browse/TAP5-177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797321#action_12797321
] 

Howard M. Lewis Ship commented on TAP5-177:
-------------------------------------------

I think I like @Sensitive

> Method logging code should recognize an @Password annotation and obscure the output written
to the log
> ------------------------------------------------------------------------------------------------------
>
>                 Key: TAP5-177
>                 URL: https://issues.apache.org/jira/browse/TAP5-177
>             Project: Tapestry 5
>          Issue Type: Improvement
>    Affects Versions: 5.0.15
>            Reporter: Howard M. Lewis Ship
>            Priority: Minor
>
> Currently, log output may include plaintext passwords (or other secure data).  I nice
solution might be to mark parameters (or the method itself,i.e., the return value) as @Password
(or something similar) to clue in the logging code that the parameter in question should be
written out as a series of asterisks or otherwise obscured.
> @Secure is already taken; @SecureData, @NotForPryingEyes, @ObscureInOutput, something
similar?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message