You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "D Green (JIRA)" <ji...@apache.org> on 2014/01/07 11:58:52 UTC

[jira] [Created] (LANG-945) ToStringBuilder can expose passwords and other sensitive data in logs

D Green created LANG-945:
----------------------------

             Summary: ToStringBuilder can expose passwords and other sensitive data in logs
                 Key: LANG-945
                 URL: https://issues.apache.org/jira/browse/LANG-945
             Project: Commons Lang
          Issue Type: New Feature
          Components: lang.builder.*
            Reporter: D Green


We just noticed ToStringBuilder was exposing passwords in our logs - would be nice to have a way of either ignoring or obfiscating the value of fields either by passing in a vararg to the builder or having an annotation to do this.

Also, 'password' could possibly always be obfiscated by default?





--
This message was sent by Atlassian JIRA
(v6.1.5#6160)