[jira] Commented: (TAP5-177) Method logging code should recognize an @Password annotation and obscure the output written to the log

Howard M. Lewis Ship (JIRA) Wed, 06 Jan 2010 13:43:21 -0800

    [ 
https://issues.apache.org/jira/browse/TAP5-177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797321#action_12797321
 ]


Howard M. Lewis Ship commented on TAP5-177:
-------------------------------------------

I think I like @Sensitive

> Method logging code should recognize an @Password annotation and obscure the 
> output written to the log
> ------------------------------------------------------------------------------------------------------
>
>                 Key: TAP5-177
>                 URL: https://issues.apache.org/jira/browse/TAP5-177
>             Project: Tapestry 5
>          Issue Type: Improvement
>    Affects Versions: 5.0.15
>            Reporter: Howard M. Lewis Ship
>            Priority: Minor
>
> Currently, log output may include plaintext passwords (or other secure data). 
>  I nice solution might be to mark parameters (or the method itself,i.e., the 
> return value) as @Password (or something similar) to clue in the logging code 
> that the parameter in question should be written out as a series of asterisks 
> or otherwise obscured.
> @Secure is already taken; @SecureData, @NotForPryingEyes, @ObscureInOutput, 
> something similar?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (TAP5-177) Method logging code should recognize an @Password annotation and obscure the output written to the log

Reply via email to