Dean,
You are right to be generally concerned about such a practice, however I may
be able to offer you a solution to prevent such a thing from being kept
long term within logs.
Quick Log4J tutorial for those who need it:
* appenders = storage mechanisms for log messages
* loggers = programmatic mechanisms for logging messages
* priority = severity of messages; TRACE, DEBUG, INFO, WARN, ERROR, FATAL
In case you don't know, Log4J has an interesting feature associated with
appenders called "threshold" that limits the priorities that are stored
within the appender. The threshold of an appender prevents messages with a
lower priority from being stored in the appender, so you can configure your
log file appender with a threshold of INFO and no messages with a priority
of DEBUG or TRACE will be captured.
The initial reaction to this is, "Well that is useless because I need to see
DEBUG or TRACE messages". The second thing that must be done is to create
an appender that stores messages to some other file but without a threshold.
This appender will then be configured for loggers within a specific package
or class at the necessary priority needed.
Here is an example:
log4j.rootLogger=INFO, fileAppender
####################################################################
# LsuLayout logger (easy for code to parse, hard for humans to read)
# only log INFO and above (so we don't log sensitive data if that is enabled)
####################################################################
log4j.appender.fileAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.fileAppender.threshold=INFO
log4j.appender.fileAppender.file=${catalina.home}/logs/cas.log
log4j.appender.fileAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.fileAppender.layout.conversionPattern=%n%d [%t] %p %c - %m%n
##########################################################
# when enabled, logs sensitive data like SSN, LSU ID, etc.
##########################################################
log4j.appender.sensitiveDataAppender=org.apache.log4j.FileAppender
log4j.appender.sensitiveDataAppender.file=/secret/location/DELETE_ME-AFTERWARDS.log
log4j.appender.sensitiveDataAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.sensitiveDataAppender.layout.conversionPattern=%n%d [%t] %p %c - %m%n
############################################################################
# enable sensitive data by uncommenting the below lines
############################################################################
log4j.logger.org.jasig.cas.web.flow = TRACE, sensitiveDataAppender
So rather than this being a poor choice in the logging standards, I think this is
a bigger issue with individuals' debugging habits and keeping that type of
information out of logs that cannot be deleted.
Anyhow, try it out and hope this helps!
A-
On 6/12/09 11:09 AM, "deanhe01" <[email protected]> wrote:
>
> Before this starts a long thread..All I am trying to point out is that you
> should be aware that if you turn debug on, there is a chance that you could
> leave user credential information laying around in log files and that might
> be a less than ideal situation
>
>
>
> deanhe01 wrote:
>>
>> As I was looking at log files yesterday I came across the following line:
>>
>> 2009-06-12 08:51:56,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed request parameters in map['lt' -> '_c867CA912-466E-BBAE-EB94-E793532928A0_kC2CAEC2A-D940-9912-8EBA-3F93B9E1B586', 'service' -> 'http://localhost:8888/cornerstone-sso', '_eventId' -> 'submit', 'password' -> 'y3x3.m4f', 'submit' -> 'LOGIN', 'username' -> 'deanhe01'] to form object with name 'credentials', pre-bind formObject toString = [username: null]
>>
>> Notice the bold. That's the password entered from the CAS login. Now I do
>> realize that I am running in debug mode and that you would not run a
>> production server in debug but, do we have to have the password right
>> there in plain text?
>>
--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
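Added example, not from this thread and not CAS or Log4J code: a small Python checker that reads a log4j.properties file like the one Andrew shows and flags any appender a DEBUG/TRACE logger can reach, either directly or, because Log4J additivity defaults to true, through its ancestors up to rootLogger, unless that appender carries a threshold of INFO or stricter or is deliberately allow-listed the way sensitiveDataAppender is. The sample configuration and the function names are constructed for this example.

```python
LEVELS = {"TRACE": 0, "DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4, "FATAL": 5}
# Constructed sample modelled on the configuration in the mail above.
SAMPLE = """
log4j.rootLogger=INFO, fileAppender
log4j.appender.fileAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.fileAppender.threshold=INFO
log4j.appender.sensitiveDataAppender=org.apache.log4j.FileAppender
log4j.logger.org.jasig.cas.web.flow = TRACE, sensitiveDataAppender
"""
def parse(text):  # minimal log4j.properties reader: key=value, '#'/'!' comments
    props = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith(("#", "!")):
            key, _, val = line.partition("=")
            props[key.strip()] = val.strip()
    return props

def loggers(props):  # logger name ('' is root) -> (configured level or None, appenders)
    out = {}
    for key, val in props.items():
        if key == "log4j.rootLogger" or key.startswith("log4j.logger."):
            name = "" if key == "log4j.rootLogger" else key[len("log4j.logger."):]
            parts = [p.strip() for p in val.split(",") if p.strip()]
            lvl = parts[0].upper() if parts and parts[0].upper() in LEVELS else None
            out[name] = (lvl, parts[1:] if lvl else parts)
    return out

def audit(text, allowed=("sensitiveDataAppender",)):
    """(logger, appender) pairs where DEBUG/TRACE events can reach an appender
    that is neither allow-listed nor guarded by a threshold of INFO or stricter."""
    props = parse(text)
    lg, findings = loggers(props), []
    for name in lg:
        # effective level = nearest configured ancestor (log4j 1.x root default: DEBUG)
        node, level = name, None
        while not level:
            level = lg.get(node, (None, []))[0] or ("DEBUG" if node == "" else None)
            node = node.rpartition(".")[0]
        if LEVELS[level] >= LEVELS["INFO"]:
            continue
        node = name  # own appenders first, then each ancestor's while additivity holds
        while True:
            for app in lg.get(node, (None, []))[1]:
                thr = props.get(f"log4j.appender.{app}.threshold", "").upper()
                if app not in allowed and LEVELS.get(thr, -1) < LEVELS["INFO"]:
                    findings.append((name, app))
            if node == "" or props.get(f"log4j.additivity.{node}", "true") == "false":
                break
            node = node.rpartition(".")[0]
    return findings
```

Run it against the real file before a deploy: with the threshold line present the sample yields no findings, and deleting that one line is enough for the TRACE logger's output to reach cas.log, which is exactly what the report shows.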
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user