
List:       log4j-dev
Subject:    Re: [2/3] logging-log4j2 git commit: Specify sensitivity property for password attributes
From:       Matt Sicker <boards () gmail ! com>
Date:       2016-12-30 22:13:35
Message-ID: CACmp6koS=XnPf_tak25AYze9Rr7zJJ5Ym2QKHMFcDUeXDN5Xtw () mail ! gmail ! com

We've been using the sensitive annotation attribute for password values.
This way they aren't logged when the status logger is at debug.

On 30 December 2016 at 15:59, Gary Gregory <garydgregory@gmail.com> wrote:

> Do we need a PluginPasswordAttribute?
> 
> Gary
> 
> ---------- Forwarded message ----------
> From: <mattsicker@apache.org>
> Date: Fri, Dec 30, 2016 at 1:56 PM
> Subject: [2/3] logging-log4j2 git commit: Specify sensitivity property for
> password attributes
> To: commits@logging.apache.org
> 
> 
> Specify sensitivity property for password attributes
> 
> 
> Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo
> Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit
> /b1fa463b
> Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/b1fa463b
> Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/b1fa463b
> 
> Branch: refs/heads/master
> Commit: b1fa463b55becf49572b6b4c4f030a88dae68640
> Parents: a890c78
> Author: Matt Sicker <matt.sicker@spr.com>
> Authored: Fri Dec 30 15:55:37 2016 -0600
> Committer: Matt Sicker <matt.sicker@spr.com>
> Committed: Fri Dec 30 15:55:37 2016 -0600
> 
> ----------------------------------------------------------------------
> .../apache/logging/log4j/core/net/ssl/KeyStoreConfiguration.java   | 2 +-
> .../apache/logging/log4j/core/net/ssl/TrustStoreConfiguration.java | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
> ----------------------------------------------------------------------
> 
> 
> http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/b
> 1fa463b/log4j-core/src/main/java/org/apache/logging/log4j/co
> re/net/ssl/KeyStoreConfiguration.java
> ----------------------------------------------------------------------
> diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net
> /ssl/KeyStoreConfiguration.java b/log4j-core/src/main/java/org
> /apache/logging/log4j/core/net/ssl/KeyStoreConfiguration.java
> index b0a6226..db844c7 100644
> --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net
> /ssl/KeyStoreConfiguration.java
> +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net
> /ssl/KeyStoreConfiguration.java
> @@ -64,7 +64,7 @@ public class KeyStoreConfiguration extends
> AbstractKeyStoreConfiguration {
> public static KeyStoreConfiguration createKeyStoreConfiguration(
> // @formatter:off
> @PluginAttribute("location") final String location,
> -            @PluginAttribute("password") final String password,
> +            @PluginAttribute(value = "password", sensitive = true) final
> String password,
> @PluginAttribute("type") final String keyStoreType,
> @PluginAttribute("keyManagerFactoryAlgorithm") final String
> keyManagerFactoryAlgorithm) throws StoreConfigurationException {
> // @formatter:on
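Review bot: on the changed `password` parameter, `sensitive = true` (per the reply above) only keeps the value out of status logger debug output; the parameter is still a `final String`, so the key store password stays in an immutable object that cannot be cleared once the store is loaded. If the attribute conversion can supply a `char[]`, a follow-up could take that instead and zero it after use. The annotation's Javadoc should also state what `sensitive` does and does not protect, since nothing in this hunk documents it.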
> 
> http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/b
> 1fa463b/log4j-core/src/main/java/org/apache/logging/log4j/co
> re/net/ssl/TrustStoreConfiguration.java
> ----------------------------------------------------------------------
> diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net
> /ssl/TrustStoreConfiguration.java b/log4j-core/src/main/java/org
> /apache/logging/log4j/core/net/ssl/TrustStoreConfiguration.java
> index a3c9bf8..839365b 100644
> --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net
> /ssl/TrustStoreConfiguration.java
> +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net
> /ssl/TrustStoreConfiguration.java
> @@ -59,7 +59,7 @@ public class TrustStoreConfiguration extends
> AbstractKeyStoreConfiguration {
> public static TrustStoreConfiguration createKeyStoreConfiguration(
> // @formatter:off
> @PluginAttribute("location") final String location,
> -            @PluginAttribute("password") final String password,
> +            @PluginAttribute(value = "password", sensitive = true) final
> String password,
> @PluginAttribute("type") final String keyStoreType,
> @PluginAttribute("trustManagerFactoryAlgorithm") final
> String trustManagerFactoryAlgorithm) throws StoreConfigurationException {
> // @formatter:on
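Review bot: the `password` change here is a second hand-applied copy of the KeyStoreConfiguration one, and the diffstat shows no test file, so a future password attribute that omits `sensitive = true` would go unnoticed. A unit test that builds this configuration with the status logger at debug and asserts the password value is absent from the output would pin the behaviour. Separately, the context line shows this class's factory is named `createKeyStoreConfiguration` inside `TrustStoreConfiguration`, which is worth a follow-up rename.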
> 
> 
> 
> 
> --
> E-Mail: garydgregory@gmail.com | ggregory@apache.org
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory
> 



-- 
Matt Sicker <boards@gmail.com>
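
The masking described in the reply above, sketched as an added example that is not log4j's code and not part of the original message. `Attr`, `describeCall` and `audit` are hypothetical stand-ins for an attribute annotation with a `sensitive` flag, the debug line a configuration builder prints, and a check for password-like attributes that lack the flag.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class SensitiveAttributeDemo {
    // Hypothetical stand-in for an attribute annotation carrying a sensitivity flag.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER)
    @interface Attr { String value(); boolean sensitive() default false; }

    // Constructed factories shaped like the ones in the diff: before and after the change.
    static String before(@Attr("location") String location,
                         @Attr("password") String password) { return location; }
    static String after(@Attr("location") String location,
                        @Attr(value = "password", sensitive = true) String password) { return location; }

    // The debug line a configuration builder would print before calling the factory.
    static String describeCall(Method m, Map<String, String> config) {
        StringJoiner out = new StringJoiner(", ", m.getName() + "(", ")");
        for (Parameter p : m.getParameters()) {
            Attr a = p.getAnnotation(Attr.class);
            String raw = config.get(a.value());
            // Sensitive values are replaced before they ever reach the log line.
            out.add(a.value() + "=" + (a.sensitive() ? "*****" : String.valueOf(raw)));
        }
        return out.toString();
    }

    // Audit: attribute names that look like secrets but are not flagged sensitive.
    static List<String> audit(Method m) {
        List<String> findings = new ArrayList<>();
        for (Parameter p : m.getParameters()) {
            Attr a = p.getAnnotation(Attr.class);
            if (a != null && !a.sensitive()
                    && a.value().toLowerCase(Locale.ROOT).matches(".*(password|secret|token).*"))
                findings.add(m.getName() + ":" + a.value());
        }
        return findings;
    }

    public static void main(String[] args) {
        Map<String, String> config = new HashMap<>();   // constructed sample configuration
        config.put("location", "/etc/app/keystore.jks");
        config.put("password", "constructed-secret");
        for (Method m : SensitiveAttributeDemo.class.getDeclaredMethods()) {
            // Only the two annotated factories take (String, String).
            if (m.getParameterCount() != 2 || m.getParameterTypes()[0] != String.class) continue;
            System.out.println(describeCall(m, config) + "  audit=" + audit(m));
        }
    }
}
```

Running `audit` over every factory method in a test is one way to catch a password attribute added later without the flag.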




