Posted to dev@openjpa.apache.org by "Michael Dick (JIRA)" <ji...@apache.org> on 2010/06/02 18:36:36 UTC

[jira] Created: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

SQL Parameter values may contain sensitive information and should not be logged by default.
-------------------------------------------------------------------------------------------

                 Key: OPENJPA-1678
                 URL: https://issues.apache.org/jira/browse/OPENJPA-1678
             Project: OpenJPA
          Issue Type: Bug
    Affects Versions: 2.0.0, 1.2.2, 1.1.0, 1.0.3, 2.1.0
            Reporter: Michael Dick
            Assignee: Michael Dick
             Fix For: 1.0.4, 1.2.3, 2.0.1, 2.1.0


The values for parameters used in our SQL statements may contain sensitive information (e.g. social security numbers). By default these values are printed in the exception message and in SQL trace. Having the values printed can be a great help when debugging an application - but presents a risk when used in production. 

To resolve the issue I propose to disable printing the parameter values by default. The parameter values will still be tracked internally - but will not be displayed in exception messages or trace unless the following property is set:
<property name="openjpa.ConnectionFactoryProperties" value="printParameters=true"/>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Closed: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick closed OPENJPA-1678.
---------------------------------

    Fix Version/s: 1.3.0
       Resolution: Fixed



[jira] Updated: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1678:
----------------------------------

    Attachment:     (was: OPENJPA-1678-openjpa.Log.1.2.x.patch.txt)



[jira] Commented: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Pinaki Poddar (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12875333#action_12875333 ] 

Pinaki Poddar commented on OPENJPA-1678:
----------------------------------------

I think parameter tracing is useful.
Here is my suggestion on usage:

                  <property name="openjpa.Log" value="SQL=DEBUG"/>

In general, DEBUG is a new log level finer than TRACE. And DEBUG can be non-localized (what Rick wanted TRACE to be).




[jira] Commented: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877169#action_12877169 ] 

Michael Dick commented on OPENJPA-1678:
---------------------------------------

Upon further review I'm leaning towards a separate parameter, also on ConnectionFactoryProperties - since this will be in service releases I'd rather not take the risk of affecting behavior or change the meaning of track parameters for any existing applications.  



[jira] Commented: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12874739#action_12874739 ] 

Michael Dick commented on OPENJPA-1678:
---------------------------------------

I thought about that too. The problem is that it isn't just logging that we're concerned with - we need to alter the toString on LoggingConnectionDecorator.LoggingPreparedStatement (from memory). LoggingConnectionDecorator is already aware of some of this - there's a trackParameters property which does similar things - but it's not quite what we need here.

What I hadn't considered (until now) is skipping the LoggingConnectionDecorator unless this property is enabled. That might work - not sure offhand what it would do to the rest of SQL or JDBC logging though. 

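As an added illustration of the behaviour discussed in the issue description and in the comment above, here is a small standalone decorator written in plain Java. It is not OpenJPA's own code and not one of the patches attached to this issue: bound parameter values are tracked internally and remain available to code that needs them, but toString(), which is what ends up in SQL trace and exception text, redacts them unless a printParameters flag is explicitly enabled. The class name, method names, the parsing of a "key=value,key=value" ConnectionFactoryProperties-style string and the sample values are all assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Added example, not OpenJPA code: a minimal statement decorator that keeps
 * bound parameter values for diagnostics but keeps them out of trace and
 * exception messages by default.
 */
public class RedactingStatementDecorator {

    private final String sql;
    private final boolean printParameters;   // hypothetical flag mirroring the proposed property
    private final List<Object> params = new ArrayList<>();

    public RedactingStatementDecorator(String sql, boolean printParameters) {
        this.sql = sql;
        this.printParameters = printParameters;
    }

    /**
     * Reads a "key=value,key=value" string of the kind openjpa.ConnectionFactoryProperties
     * carries and answers whether printParameters is set to true. Absent or malformed
     * means false, so the secure behaviour is the default.
     */
    public static boolean printParametersEnabled(String connectionFactoryProperties) {
        if (connectionFactoryProperties == null) {
            return false;
        }
        for (String entry : connectionFactoryProperties.split(",")) {
            String[] kv = entry.trim().split("=", 2);
            if (kv.length == 2 && kv[0].trim().equalsIgnoreCase("printParameters")) {
                return Boolean.parseBoolean(kv[1].trim());
            }
        }
        return false;
    }

    /** Records a bound value; tracking happens regardless of printParameters. */
    public void setParameter(int index, Object value) {
        while (params.size() < index) {
            params.add(null);
        }
        params.set(index - 1, value);
    }

    /** Tracked values stay reachable for code with a legitimate need for them. */
    public List<Object> trackedParameters() {
        return Collections.unmodifiableList(params);
    }

    /** The text that would go into SQL trace and into an exception message. */
    @Override
    public String toString() {
        if (!printParameters) {
            return sql + " [params: " + params.size() + " bound, values redacted]";
        }
        StringBuilder sb = new StringBuilder(sql).append(" [params:");
        for (int i = 0; i < params.size(); i++) {
            sb.append(i == 0 ? " " : ", ").append(i + 1).append('=').append(params.get(i));
        }
        return sb.append(']').toString();
    }

    public static void main(String[] args) {
        String sql = "SELECT * FROM person WHERE ssn = ? AND active = ?";
        // Constructed sample values for the demo; the SSN below is not a real number.
        String ssn = "000-00-0000";

        // No property set: values are bound and tracked, but toString() redacts them.
        RedactingStatementDecorator safe =
            new RedactingStatementDecorator(sql, printParametersEnabled(null));
        safe.setParameter(1, ssn);
        safe.setParameter(2, Boolean.TRUE);
        System.out.println(safe);
        System.out.println("tracked: " + safe.trackedParameters().size() + " values");

        // Property explicitly set, as the issue proposes: values appear in the text.
        RedactingStatementDecorator verbose =
            new RedactingStatementDecorator(sql, printParametersEnabled("printParameters=true"));
        verbose.setParameter(1, ssn);
        verbose.setParameter(2, Boolean.TRUE);
        System.out.println(verbose);
    }
}
```

The point the thread makes, and the example keeps, is that the decision to print is independent of the log level: the same decorator instance feeds both trace output and exception text, so redaction has to live in the object that formats the statement rather than in the logger configuration.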


[jira] Commented: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12875613#action_12875613 ] 

Michael Dick commented on OPENJPA-1678:
---------------------------------------

Hi Pinaki,

I think this is orthogonal to the level of tracing used. While it's often useful in conjunction with other tracing, the two should not be tied together. You should be able to see parameters in your exception text (if you so desire) without enabling logging, for example.

I'm not entirely sold on introducing a new log level in service either. For the time being I'm going to treat this as a bug with openjpa.ConnectionFactoryProperties.TrackParameters and fix it that way (the cfProps patch). 



[jira] Updated: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1678:
----------------------------------

    Attachment:     (was: OPENJPA-1678-openjpa.CFProps.1.2.x.patch.txt)



[jira] Updated: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Michael Dick (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1678:
----------------------------------

    Attachment: OPENJPA-1678-openjpa.CFProps.1.2.x.patch.txt
                OPENJPA-1678-openjpa.Log.1.2.x.patch.txt

I've tried it two ways. One uses openjpa.Log to control whether parameters are printed, the other uses openjpa.ConnectionFactoryProperties. 

The openjpa.Log approach is just a proof of concept. The changes will have to ripple through to any of our LogFactory classes -  I just skipped that and cast to LogFactoryImpl. 

The openjpa.CFProperties approach is a bit leaner and less intrusive (I'm leaning this way at the moment).



[jira] Commented: (OPENJPA-1678) SQL Parameter values may contain sensitive information and should not be logged by default.

Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12874732#action_12874732 ] 

Albert Lee commented on OPENJPA-1678:
-------------------------------------

I wonder whether we should use openjpa.Log instead of introducing a new property,

  i.e. <property name="openjpa.Log" value="DefaultLevel=TRACE,printParameters=true"/>

Albert Lee.
