My developers are wanting to see the server.log of my production jboss server, but included in the log files are the oracle username and passwords configured for the datasource.

Right now I just have the log file directory restricted via file permissions so they can't view it, but they are now requesting access to it for troubleshooting problems.

After a quick search of the forums I didn't come across anything. So it is possible to filter out the datasource passwords via a jboss configuration file?

I'm using jboss-3.2.1_tomcat-4.1.24

Thanks in advance for your help.