You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by shareski <sa...@gmail.com> on 2014/10/23 18:25:21 UTC
Page Parameters logging
We have a secret parameter that we don't want to be logged in a stack trace
or anything. Right now we're using a custom IRequestHandler to intercept the
exception but I'm wondering if there's a more elegant way to do this.
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Page Parameters logging
Posted by shareski <sa...@gmail.com>.
Thanks, this is what I'm doing now, just wanted to make sure it was an ok
idea.
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053p4668074.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Page Parameters logging
Posted by Andrea Del Bene <an...@gmail.com>.
Sorry. I've realized that maybe you need a more efficient strategy to
hide your parameter. I think that using a custom request handler is the
right way. you can override getExceptionMapperProvider in you
application to return tour custom handler for exception. You can have a
look at DefaultExceptionMapper to find some implementation hints.
> hi,
>
> maybe you can use a custom error page:
> Application.getApplicationSettings().setInternalErrorPage
>> We have a secret parameter that we don't want to be logged in a stack
>> trace
>> or anything. Right now we're using a custom IRequestHandler to
>> intercept the
>> exception but I'm wondering if there's a more elegant way to do this.
>>
>> --
>> View this message in context:
>> http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
>> Sent from the Users forum mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Page Parameters logging
Posted by Andrea Del Bene <an...@gmail.com>.
hi,
maybe you can use a custom error page:
Application.getApplicationSettings().setInternalErrorPage
> We have a secret parameter that we don't want to be logged in a stack trace
> or anything. Right now we're using a custom IRequestHandler to intercept the
> exception but I'm wondering if there's a more elegant way to do this.
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Page Parameters logging
Posted by shareski <sa...@gmail.com>.
Ya, this is definitely a band-aid fix, but the application is a bit of a
Frankenstein's monster so encrypting the parameter everywhere it's used is a
colossal task, though it's definitely the proper solution.
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053p4668075.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Page Parameters logging
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
Maybe you want to encrypt the value of this special parameter ?!
It will be a never ending story to patch all places where this parameter
may leak.
See CryptoMapper for inspiration how to encrypt and decrypt strings.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Thu, Oct 23, 2014 at 7:25 PM, shareski <sa...@gmail.com> wrote:
> We have a secret parameter that we don't want to be logged in a stack trace
> or anything. Right now we're using a custom IRequestHandler to intercept
> the
> exception but I'm wondering if there's a more elegant way to do this.
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Page-Parameters-logging-tp4668053.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>