Hi all,

Currently IS supports limiting the debug logs that are printed according to
the sensitive data that is contained in the log. There is a separate properties
file which contains the token type (or the information category) and the
printable or non-printable status. In the default state, this file will
not be read and all sensitive data will not be printed to the logs. There is a
special system property which should be passed to read the file and print
logs accordingly.

We are hoping to move this feature to the kernel as it is an important
feature for all of the products which print sensitive information in logs.

Currently in IS, we have a util method which we use to check before
printing each sensitive log.

if (log.isDebugEnabled() && IdentityUtil.isLogPrintable("TokenType")) {
    log.debug("Sensitive data");
}

However, we are considering the following improvement when moving to the carbon
kernel, which is to create a log appender which will read the log.debug
with a placeholder.

if (log.isDebugEnabled()) {
    log.debug("Sensitive data ${TokenType}");
}

The downside of this approach is that the string will always be created whether the log
is printable or not.

What should be the better approach? Or is there any other better approach?
Please give your ideas.

Thanks!

*Jayanga Kaushalya*
Software Engineer
Mobile: +94777860160
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware
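
Added example, not part of the original message and not WSO2 code: a Java sketch that puts the two approaches discussed above side by side, the placeholder filter an appender would apply and the guard check with the message built only when the token type is printable. The system property name, the policy file format and every class and method name other than isLogPrintable are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.Properties;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SensitiveLogDemo {
    // Hypothetical names: the message gives neither the system property nor the file format.
    static final String ENABLE_PROP = "example.sensitive.logs.enabled";
    static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{(\\w+)\\}");
    private final Properties policy = new Properties();

    SensitiveLogDemo(String policyText) throws Exception {
        // Default state: the policy is not read, so every token type stays non-printable.
        if (Boolean.getBoolean(ENABLE_PROP)) {
            policy.load(new StringReader(policyText));
        }
    }

    // Unknown token types are treated as non-printable (deny by default).
    boolean isLogPrintable(String tokenType) {
        return Boolean.parseBoolean(policy.getProperty(tokenType, "false"));
    }

    // Placeholder approach (appender side): the message string already exists here.
    // Returns null to drop the event, otherwise the message without its markers.
    String filter(String message) {
        Matcher m = PLACEHOLDER.matcher(message);
        while (m.find()) {
            if (!isLogPrintable(m.group(1))) return null;
        }
        return m.replaceAll("").trim();
    }

    // Guard approach with deferred construction: the supplier runs only when allowed,
    // so no sensitive string is built for a non-printable token type.
    String guarded(String tokenType, Supplier<String> message) {
        return isLogPrintable(tokenType) ? message.get() : null;
    }

    public static void main(String[] args) throws Exception {
        System.setProperty(ENABLE_PROP, "true"); // stands in for a -D flag at startup
        // Constructed sample policy: token type = printable?
        SensitiveLogDemo p = new SensitiveLogDemo("AccessToken=false\nUserClaims=true\n");
        System.out.println(p.filter("claims=[email, role] ${UserClaims}"));
        System.out.println(p.filter("token=abc123 ${AccessToken}"));
        System.out.println(p.guarded("AccessToken", () -> "token=" + "abc123"));
    }
}
```

In the filter path the sensitive value has already been concatenated into a heap string before the policy is consulted, which is the cost raised in the message; the supplier path never builds it when the token type is not printable.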