[jboss-dev-forums] [Design of POJO Server] - Masking passwords in logs
mmoyses
do-not-reply at jboss.com
Fri Oct 10 10:09:13 EDT 2008
I was given a task to mask passwords that appear in the logs, as it's a security flaw to expose such information.
So far I have identified XSLSubDeployer, ServiceConfigurator and ServiceDeploymentDeployer as the classes that parse the information in the XMLs and eventually print a password in plain text in the log for debug purposes.
I have committed a change to mask these passwords, but as Ales pointed, this is not a generic solution.
I am opening this thread so we can discuss a better solution for this. Please contribute with your ideas.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4181513#4181513
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4181513
More information about the jboss-dev-forums
mailing list