You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "D Green (JIRA)" <ji...@apache.org> on 2014/01/07 11:58:52 UTC
[jira] [Created] (LANG-945) ToStringBuilder can expose passwords
and other sensitive data in logs
D Green created LANG-945:
----------------------------
Summary: ToStringBuilder can expose passwords and other sensitive data in logs
Key: LANG-945
URL: https://issues.apache.org/jira/browse/LANG-945
Project: Commons Lang
Issue Type: New Feature
Components: lang.builder.*
Reporter: D Green
We just noticed ToStringBuilder was exposing passwords in our logs - would be nice to have a way of either ignoring or obfiscating the value of fields either by passing in a vararg to the builder or having an annotation to do this.
Also, 'password' could possibly always be obfiscated by default?
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)