servicecomb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wjm wjm <zzz...@gmail.com>
Subject Re: [disscuss][java-chassis] is there any existing sensitive word filter component?
Date Tue, 16 Apr 2019 08:37:31 GMT
replace is not a problem
the problem is how to determine if should to replace
because customer maybe configure multiple key words, it's slow to loop them
to check

by sensitive word filter component(maybe use DFA algorithm), we can do
the judgment with high performance.

Willem Jiang <willem.jiang@gmail.com> 于2019年4月16日周二 下午3:39写道:

> Hi,
>
> You can take this log implementation[1][2] as an example.
> If you just want to mask the password property, you can use String
> replace method to remove it.
>
> [1]
> https://konstantinpavlov.net/blog/2015/07/26/secure-java-logging-with-logback/
> [2]https://github.com/javabeanz/owasp-security-logging
>
> Willem Jiang
>
> Twitter: willemjiang
> Weibo: 姜宁willem
>
> On Mon, Apr 15, 2019 at 9:06 AM wjm wjm <zzzwjm@gmail.com> wrote:
> >
> > https://github.com/apache/servicecomb-java-chassis/pull/1180
> >
> > inspector of configuration need to change some value to "******", eg:
> > password
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message