11 Replies Latest reply on Oct 10, 2008 12:16 PM by Anil Saldanha

    Masking passwords in logs

    Marcus Moyses Novice

      I was given a task to mask passwords that appear in the logs, as it's a security flaw to expose such information.
      So far I have identified XSLSubDeployer, ServiceConfigurator and ServiceDeploymentDeployer as the classes that parse the information in the XMLs and eventually print a password in plain text in the log for debug purposes.
      I have committed a change to mask these passwords, but as Ales pointed, this is not a generic solution.
      I am opening this thread so we can discuss a better solution for this. Please contribute with your ideas.