Where are you pulling the passwords from? Are you using an NDC/MDC?
If the passwords are logging directly by your application - i.e. something
like:
logger.debug("password = " + password);
Then you should look at changing the log statements.
On 10/15/07, John Smith <[EMAIL PROTECTED]> wrote:
>
> Hi,
> Is there any way to suppress passwords' display in the log files?
> I am concerned that log files will be accessible to various users on
> the server, disclosing the application passwords to them.
>
> Is there some way to filter the passwords before they are committed to
> the log file?
>
> Thanks,
> John
>
>
> (2007-10-12 02:02:23,451) 1140750 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259 - password =
> TESTPASSWORD
>
> (2007-10-12 02:02:23,452) 1140751 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259 - Submit = Go
>
> (2007-10-12 02:02:23,452) 1140751 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259 - redirectURL
> =
>
> (2007-10-12 02:02:23,453) 1140752 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259 - username =
> TESTUSERNAME
>
> (2007-10-12 02:02:23,455) 1140754 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.catalina.core.ApplicationDispatcher:185 -
> servletPath=/auth/loginMessage.jsp, pathInfo=null, queryString=null,
> name=null
>
> (2007-10-12 02:02:23,456) 1140755 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.catalina.core.ApplicationDispatcher:562 - Path Based
> Include
>
> (2007-10-12 02:02:23,457) 1140756 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:249 - JspEngine -->
> /auth/loginMessage.jsp
>
> (2007-10-12 02:02:23,458) 1140757 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:250 - ServletPath:
> /auth/loginWarning.jsp
>
> (2007-10-12 02:02:23,458) 1140757 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:251 - PathInfo:
> null
>
> (2007-10-12 02:02:23,459) 1140758 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:252 - RealPath:
> /opt/jboss-
> 4.2.0.GA/server/storeapp/./deploy/jboss-storeapp.ear/jboss-storeapp.war/auth/loginMessage.jsp
>
> (2007-10-12 02:02:23,460) 1140759 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:253 - RequestURI:
> /admin/auth/loginWarning.jsp
>
> (2007-10-12 02:02:23,461) 1140760 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:254 - QueryString:
> null
>
> (2007-10-12 02:02:23,461) 1140760 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:255 - Request Params:
>
> (2007-10-12 02:02:23,462) 1140761 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259 - password =
> TESTPASSWORD
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
