Posted to dev@deltaspike.apache.org by "Gerhard Petracek (JIRA)" <ji...@apache.org> on 2013/06/16 20:29:20 UTC

[jira] [Comment Edited] (DELTASPIKE-382) mask out passwords and other credentials in our Configuration logs

    [ https://issues.apache.org/jira/browse/DELTASPIKE-382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13684702#comment-13684702 ] 

Gerhard Petracek edited comment on DELTASPIKE-382 at 6/16/13 6:28 PM:
----------------------------------------------------------------------

to summarize it:
#1 i don't agree with masking values for the access via a single ds-api (because it needs to be solved on a different level)
#2 i agree that we can improve the current default handling
#3 i agree that it should be possible to skip logging (and not masking) in some cases/stages/... (without agreeing with the password use-case -> i don't agree with the title of this ticket and the initially used use-case - see #1)
#4 if someone uses it for use-cases not everybody here agrees with, they are responsible for it (but imo we shouldn't actively support/document it)
                
      was (Author: gpetracek):
    to summarize it:
#1 i don't agree with masking values for the access via a single ds-api (because it needs to be solved on a different level)
#2 i agree that we can improve the current default handling
#3 i agree that it should be possible to avoid logging in some cases/stages/... (without agreeing with the password use-case -> i don't agree with the title of this ticket and the initially used use-case - see #1)
#4 if someone uses it for use-cases not everybody here agrees with, they are responsible for it (but imo we shouldn't actively support/document it)
                  
> mask out passwords and other credentials in our Configuration logs
> ------------------------------------------------------------------
>
>                 Key: DELTASPIKE-382
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-382
>             Project: DeltaSpike
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 0.4
>            Reporter: Mark Struberg
>            Assignee: Mark Struberg
>             Fix For: 0.5
>
>
> Our configuration mechanism currently logs all the configured values.
> This makes it hard to use it for passwords and stuff.
> I suggest we introduce some specific prefix property to configure configs which contain sensitive information.
> For the key 'some.random.password' this could look like:
> deltaspike_config.mask.some.random.password=true
> In the log we would in this case just output the information whether and where we did find some value, but not print the details for all configs which start with all of the configured masks.
> I'm not yet sure though how to configure this best. Suggestions appreciated!

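
The prefix-based masking proposed in the quoted issue description, sketched as an added example (not part of the ticket and not DeltaSpike code). Only the `deltaspike_config.mask.` prefix and the key `some.random.password` come from the ticket; the class and method names, the `[masked]` placeholder, the log line format and the source name `sample.properties` are assumptions.

```java
import java.util.*;

// Added illustration, not DeltaSpike code. Only the key prefix
// "deltaspike_config.mask." and the sample key come from the ticket text.
public class MaskedConfigLog {
    static final String MASK_PREFIX = "deltaspike_config.mask.";
    static final String MASKED = "[masked]"; // assumed placeholder text

    // Collect every key prefix flagged with deltaspike_config.mask.<prefix>=true.
    static Set<String> maskedPrefixes(Map<String, String> config) {
        Set<String> prefixes = new TreeSet<>();
        for (Map.Entry<String, String> e : config.entrySet()) {
            if (e.getKey().startsWith(MASK_PREFIX) && Boolean.parseBoolean(e.getValue())) {
                prefixes.add(e.getKey().substring(MASK_PREFIX.length()));
            }
        }
        return prefixes;
    }

    // Build the log line: always report that and where a value was found,
    // but print the value only for keys that match no masked prefix.
    static String logLine(String key, String value, String source, Set<String> masked) {
        boolean hide = masked.stream().anyMatch(key::startsWith);
        return "config key '" + key + "' found in " + source + " -> " + (hide ? MASKED : value);
    }

    public static void main(String[] args) {
        // Constructed sample configuration.
        Map<String, String> config = new LinkedHashMap<>();
        config.put("deltaspike_config.mask.some.random.password", "true");
        config.put("some.random.password", "s3cr3t-constructed");
        config.put("some.random.password.hint", "constructed hint");
        config.put("some.random.user", "demo");

        Set<String> masked = maskedPrefixes(config);
        for (Map.Entry<String, String> e : config.entrySet()) {
            if (e.getKey().startsWith(MASK_PREFIX)) continue; // the flags are not config values
            System.out.println(logLine(e.getKey(), e.getValue(), "sample.properties", masked));
        }
    }
}
```

Because matching is by prefix, `some.random.password.hint` is masked along with `some.random.password`, while `some.random.user` is logged in full. This affects the log output only; the values remain readable to any code that reads the configuration.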