You are viewing a plain text version of this content. The canonical link for it is here.

Posted to log4j-dev@logging.apache.org by Mateen Moiz <M....@eaa.unsw.edu.au> on 2012/06/21 08:42:55 UTC

RE: Question -- Hiding Password in log4j.xml while using JDBCAppender

Hi,

I am using Log4j with JDBCAppender using XML configuration, to make the
logs in the database. The problem is that the password in log4j.xml file
is in plain text. How can I hide this password?

I have used

MDC.put("pass", "abc");  

to place the password and it works fine with "sql" and proper password
is being inserted into the database

<param name="sql" value="INSERT INTO LOGS(Password, Message) VALUES
('%X{pass}', '%m')" />

But it's not working with the "password" param and giving "Access denied
for user ..."

<param name="password" value="%X{pass}" />

Please suggest what to do?

Code snap of log4j.xml is as follows.

<appender name="jdbc" class="org.apache.log4j.jdbc.JDBCAppender">  
    <param name="URL" value="jdbc:mysql://global/CL" />  
    <param name="user" value="Myapp" />  
    <param name="password" value="%X{pass}" />  
    <param name="driver" value="com.mysql.jdbc.Driver" />  
    <param name="sql" value="INSERT INTO LOGS(Password, MESSAGE) VALUES
('%X{pass}','%m')" />  
 </appender>  

 

Best Regards,

Mateen Moiz