You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tapestry.apache.org by "Robert Zeigler (JIRA)" <de...@tapestry.apache.org> on 2008/06/24 21:28:45 UTC

[jira] Commented: (TAPESTRY-2477) Method logging code should recognize an @Password annotation and obscure the output written to the log

    [ https://issues.apache.org/jira/browse/TAPESTRY-2477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607733#action_12607733 ] 

Robert Zeigler commented on TAPESTRY-2477:
------------------------------------------

What about "Obfuscate" of "Obfuscated"?



> Method logging code should recognize an @Password annotation and obscure the output written to the log
> ------------------------------------------------------------------------------------------------------
>
>                 Key: TAPESTRY-2477
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-2477
>             Project: Tapestry
>          Issue Type: Improvement
>          Components: tapestry-ioc
>    Affects Versions: 5.0.13
>            Reporter: Howard M. Lewis Ship
>            Priority: Minor
>
> Currently, log output may include plaintext passwords (or other secure data).  I nice solution might be to mark parameters (or the method itself,i.e., the return value) as @Password (or something similar) to clue in the logging code that the parameter in question should be written out as a series of asterisks or otherwise obscured.
> @Secure is already taken; @SecureData, @NotForPryingEyes, @ObscureInOutput, something similar?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org

Re: [jira] Commented: (TAPESTRY-2477) Method logging code should recognize an @Password annotation and obscure the output written to the log

Posted by "com.liigo@gmail.com" <co...@gmail.com>.

what about "ObscureInLog", or "ObscureWhenLog" ?

在 Wed, 25 Jun 2008 03:28:45 +0800，Robert Zeigler (JIRA)  
<de...@tapestry.apache.org> 写道:

>     [  
> https://issues.apache.org/jira/browse/TAPESTRY-2477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607733#action_12607733  
> ]
>
> Robert Zeigler commented on TAPESTRY-2477:
> ------------------------------------------
>
> What about "Obfuscate" of "Obfuscated"?
>
>
>
>> Method logging code should recognize an @Password annotation and  
>> obscure the output written to the log
>> ------------------------------------------------------------------------------------------------------
>>
>>                 Key: TAPESTRY-2477
>>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-2477
>>             Project: Tapestry
>>          Issue Type: Improvement
>>          Components: tapestry-ioc
>>    Affects Versions: 5.0.13
>>            Reporter: Howard M. Lewis Ship
>>            Priority: Minor
>>
>> Currently, log output may include plaintext passwords (or other secure  
>> data).  I nice solution might be to mark parameters (or the method  
>> itself,i.e., the return value) as @Password (or something similar) to  
>> clue in the logging code that the parameter in question should be  
>> written out as a series of asterisks or otherwise obscured.
>> @Secure is already taken; @SecureData, @NotForPryingEyes,  
>> @ObscureInOutput, something similar?
>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org