[disscuss][java-chassis] is there any existing sensitive word filter component?

[wjm wjm <zz...@gmail.com>]

https://github.com/apache/servicecomb-java-chassis/pull/1180

inspector of configuration need to change some value to "******", eg:
password

Re: [disscuss][java-chassis] is there any existing sensitive word filter component?

[wjm wjm <zz...@gmail.com>]

replace is not a problem
the problem is how to determine if should to replace
because customer maybe configure multiple key words, it's slow to loop them
to check

by sensitive word filter component(maybe use DFA algorithm), we can do
the judgment with high performance.

Willem Jiang <wi...@gmail.com> 于2019年4月16日周二 下午3:39写道：

> Hi,
>
> You can take this log implementation[1][2] as an example.
> If you just want to mask the password property, you can use String
> replace method to remove it.
>
> [1]
> https://konstantinpavlov.net/blog/2015/07/26/secure-java-logging-with-logback/
> [2]https://github.com/javabeanz/owasp-security-logging
>
> Willem Jiang
>
> Twitter: willemjiang
> Weibo: 姜宁willem
>
> On Mon, Apr 15, 2019 at 9:06 AM wjm wjm <zz...@gmail.com> wrote:
> >
> > https://github.com/apache/servicecomb-java-chassis/pull/1180
> >
> > inspector of configuration need to change some value to "******", eg:
> > password
>

Re: [disscuss][java-chassis] is there any existing sensitive word filter component?

[Willem Jiang <wi...@gmail.com>]

Hi,

You can take this log implementation[1][2] as an example.
If you just want to mask the password property, you can use String
replace method to remove it.

[1]https://konstantinpavlov.net/blog/2015/07/26/secure-java-logging-with-logback/
[2]https://github.com/javabeanz/owasp-security-logging

Willem Jiang

Twitter: willemjiang
Weibo: 姜宁willem

On Mon, Apr 15, 2019 at 9:06 AM wjm wjm <zz...@gmail.com> wrote:
>
> https://github.com/apache/servicecomb-java-chassis/pull/1180
>
> inspector of configuration need to change some value to "******", eg:
> password