You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by shareski <sa...@gmail.com> on 2014/10/23 18:25:21 UTC

Page Parameters logging

We have a secret parameter that we don't want to be logged in a stack trace
or anything. Right now we're using a custom IRequestHandler to intercept the
exception but I'm wondering if there's a more elegant way to do this.

--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Page Parameters logging

Posted by shareski <sa...@gmail.com>.

Thanks, this is what I'm doing now, just wanted to make sure it was an ok
idea.

--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053p4668074.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Page Parameters logging

Posted by Andrea Del Bene <an...@gmail.com>.

Sorry. I've realized that maybe you need a more efficient strategy to 
hide your parameter. I think that using a custom request handler is the 
right way. you can override getExceptionMapperProvider in you 
application to return tour custom handler for exception. You can have a 
look at DefaultExceptionMapper to find some implementation hints.
> hi,
>
> maybe you can use a custom error page: 
> Application.getApplicationSettings().setInternalErrorPage
>> We have a secret parameter that we don't want to be logged in a stack 
>> trace
>> or anything. Right now we're using a custom IRequestHandler to 
>> intercept the
>> exception but I'm wondering if there's a more elegant way to do this.
>>
>> -- 
>> View this message in context: 
>> http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
>> Sent from the Users forum mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Page Parameters logging

Posted by Andrea Del Bene <an...@gmail.com>.

hi,

maybe you can use a custom error page: 
Application.getApplicationSettings().setInternalErrorPage
> We have a secret parameter that we don't want to be logged in a stack trace
> or anything. Right now we're using a custom IRequestHandler to intercept the
> exception but I'm wondering if there's a more elegant way to do this.
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Page Parameters logging

Posted by shareski <sa...@gmail.com>.

Ya, this is definitely a band-aid fix, but the application is a bit of a
Frankenstein's monster so encrypting the parameter everywhere it's used is a
colossal task, though it's definitely the proper solution.

--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053p4668075.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Page Parameters logging

Posted by Martin Grigorov <mg...@apache.org>.

Hi,

Maybe you want to encrypt the value of this special parameter ?!
It will be a never ending story to patch all places where this parameter
may leak.

See CryptoMapper for inspiration how to encrypt and decrypt strings.

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Oct 23, 2014 at 7:25 PM, shareski <sa...@gmail.com> wrote:

> We have a secret parameter that we don't want to be logged in a stack trace
> or anything. Right now we're using a custom IRequestHandler to intercept
> the
> exception but I'm wondering if there's a more elegant way to do this.
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>