We have an audit logger to specifically log audit-related stuff.

On Fri, Nov 27, 2015 at 2:10 PM, Prabath Siriwardana <[email protected]> wrote:

> I guess it would be much better to have a different log appender to log
> sensitive data. In that way you get more control. Whether to print the log
> or not - or even encrypt and print, logic will go into the appender
> itself...
>
> Thanks & regards,
> -Prabath
>
> On Thu, Nov 26, 2015 at 9:53 PM, Jayanga Kaushalya <[email protected]>
> wrote:
>
>> Hi all,
>>
>> Currently IS supports limiting the debug logs that are printed according
>> to the sensitive data contained in the log. There is a separate
>> properties file which contains the token type (or the information category)
>> and the printable or non-printable status. In the default state, this file
>> will not be read and all sensitive data will not be printed to the logs.
>> There is a special system property which should be passed to read the file
>> and print logs accordingly.
>>
>> We are hoping to move this feature to the kernel as it is an important
>> feature for all of the products which print sensitive information in logs.
>>
>> Currently in IS, we have a util method which we use to check before
>> printing each sensitive log.
>>
>>     if (log.isDebugEnabled() && IdentityUtil.isLogPrintable("TokenType")) {
>>         log.debug("Sensitive data");
>>     }
>>
>> However, we are considering the following improvement when moving to the
>> carbon kernel, which is to create a log appender which will read the
>> log.debug with a placeholder.
>>
>>     if (log.isDebugEnabled()) {
>>         log.debug("Sensitive data ${TokenType}");
>>     }
>>
>> The downside of this approach is that the string will always be created
>> whether the log is printable or not.
>>
>> What should be the better approach? Or is there any other better
>> approach? Please give your ideas.
>>
>> Thanks!
>>
>> Jayanga Kaushalya
>> Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://blog.facilelogin.com
> http://blog.api-security.org
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Afkham Azeez
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: [email protected]
cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez
Lean . Enterprise . Middleware
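The appender idea discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code. It uses java.util.logging from the JDK as a stand-in for the Carbon logging stack; the class name, category names and policy entries are assumptions. Values are passed as log parameters, so the message string is only built after the policy check, which avoids the string-creation cost raised in the thread.

```java
import java.io.StringReader;
import java.text.MessageFormat;
import java.util.Properties;
import java.util.logging.*;
import java.util.regex.*;

public class SensitiveLogDemo {
    /** JUL Handler used as a stand-in for the proposed log appender (an assumption). */
    static final class SensitiveHandler extends Handler {
        // Trailing category tag, e.g. "... ${AccessToken}"
        private static final Pattern TAG = Pattern.compile("\\s*\\$\\{(\\w+)\\}\\s*$");
        private final Properties policy; // category -> "true" when printable

        SensitiveHandler(Properties policy) { this.policy = policy; }

        @Override public void publish(LogRecord r) {
            String msg = String.valueOf(r.getMessage());
            Matcher m = TAG.matcher(msg);
            if (m.find()) {
                // Categories missing from the policy are non-printable (default deny).
                if (!Boolean.parseBoolean(policy.getProperty(m.group(1), "false"))) {
                    System.out.println("[" + m.group(1) + " suppressed]");
                    return; // parameters are never formatted or written
                }
                msg = msg.substring(0, m.start());
            }
            // Formatting happens only here, after the policy decision.
            Object[] p = r.getParameters();
            System.out.println(p == null ? msg : MessageFormat.format(msg, p));
        }
        @Override public void flush() { }
        @Override public void close() { }
    }

    public static void main(String[] args) throws Exception {
        Properties policy = new Properties(); // constructed sample policy
        policy.load(new StringReader("UserClaims=true\nAccessToken=false\n"));

        Logger log = Logger.getLogger("demo");
        log.setUseParentHandlers(false);
        log.setLevel(Level.FINE);
        log.addHandler(new SensitiveHandler(policy));

        log.log(Level.FINE, "Claims for {0}: {1} ${UserClaims}", new Object[] {"alice", "role=admin"});
        log.log(Level.FINE, "Issued token {0} ${AccessToken}", "constructed-token-value");
        log.log(Level.FINE, "Cache warmed in {0} ms", 42);
    }
}
```

With the sample policy, the claims line and the untagged line are printed in full, while the token line is replaced by a suppression marker and its parameter is never formatted.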
