Posted to dev@tapestry.apache.org by "Jochen Kemnade (JIRA)" <ji...@apache.org> on 2014/05/27 09:20:55 UTC

[jira] [Updated] (TAP5-177) Method logging code should recognize an @Password annotation and obscure the output written to the log

     [ https://issues.apache.org/jira/browse/TAP5-177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jochen Kemnade updated TAP5-177:
--------------------------------

    Labels: bulk-close-candidate  (was: tapestry5-review-for-closing)

This issue was last updated about 1.5 years ago, has no assignee, affects an old version of Tapestry that is not actively developed anymore, and is therefore prone to be bulk-closed in the near future.

If the issue still persists with the most recent development preview of Tapestry (5.4-beta-6, which is available from Maven Central), please update it as soon as possible. In the case of a feature request, please discuss it with the Tapestry developer community on the dev@tapestry.apache.org mailing list first.


> Method logging code should recognize an @Password annotation and obscure the output written to the log
> ------------------------------------------------------------------------------------------------------
>
>                 Key: TAP5-177
>                 URL: https://issues.apache.org/jira/browse/TAP5-177
>             Project: Tapestry 5
>          Issue Type: Improvement
>    Affects Versions: 5.0.15
>            Reporter: Howard M. Lewis Ship
>            Priority: Minor
>              Labels: bulk-close-candidate
>
> Currently, log output may include plaintext passwords (or other secure data). A nice solution might be to mark parameters (or the method itself, i.e., the return value) as @Password (or something similar) to clue in the logging code that the parameter in question should be written out as a series of asterisks or otherwise obscured.
> @Secure is already taken; @SecureData, @NotForPryingEyes, @ObscureInOutput, something similar?



--
This message was sent by Atlassian JIRA
(v6.2#6252)
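
The idea in the issue description, as an added example that is not Tapestry code and not part of the original message: a method-logging proxy that checks for a marker annotation on parameters and on the method, and writes asterisks instead of the value. The @Password annotation, the LoginService interface and the log format are all hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.StringJoiner;

public class MaskedLoggingDemo {
    // Hypothetical marker annotation; the name comes from the issue, not from Tapestry's API.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.PARAMETER, ElementType.METHOD})
    @interface Password {}

    interface LoginService { // constructed sample service
        @Password String issueToken(String user, @Password String password);
    }

    static boolean isMasked(Annotation[] annotations) {
        for (Annotation a : annotations) if (a instanceof Password) return true;
        return false;
    }

    // Method-entry line; annotated arguments become a fixed-length mask so that
    // the log does not reveal the length of the secret either.
    static String formatEntry(Method m, Object[] args) {
        Annotation[][] paramAnnotations = m.getParameterAnnotations();
        StringJoiner joined = new StringJoiner(", ", m.getName() + "(", ")");
        for (int i = 0; args != null && i < args.length; i++)
            joined.add(isMasked(paramAnnotations[i]) ? "****" : String.valueOf(args[i]));
        return joined.toString();
    }

    // Method-exit line; a method-level @Password hides the return value.
    static String formatExit(Method m, Object result) {
        return m.getName() + " returned "
            + (m.isAnnotationPresent(Password.class) ? "****" : String.valueOf(result));
    }

    @SuppressWarnings("unchecked")
    static <T> T withLogging(Class<T> type, T delegate) {
        return (T) Proxy.newProxyInstance(type.getClassLoader(), new Class<?>[] {type},
            (proxy, method, args) -> {
                System.out.println("[ENTER] " + formatEntry(method, args));
                Object result = method.invoke(delegate, args);
                System.out.println("[ EXIT] " + formatExit(method, result));
                return result;
            });
    }

    public static void main(String[] args) {
        LoginService real = (user, password) -> "token-for-" + user;
        withLogging(LoginService.class, real).issueToken("alice", "s3cret");
    }
}
```

Running it logs `issueToken(alice, ****)` on entry and `issueToken returned ****` on exit, while the caller still receives the real token.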