I was given a task to mask passwords that appear in the logs, as it's a security flaw to expose such information. So far I have identified XSLSubDeployer, ServiceConfigurator and ServiceDeploymentDeployer as the classes that parse the information in the XMLs and eventually print a password in plain text in the log for debug purposes. I have committed a change to mask these passwords, but as Ales pointed, this is not a generic solution. I am opening this thread so we can discuss a better solution for this. Please contribute with your ideas. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4181513#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...