[ 
https://issues.apache.org/jira/browse/DELTASPIKE-382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13684587#comment-13684587
 ] 

Mark Struberg commented on DELTASPIKE-382:
------------------------------------------

Logging the configured values is something all my operations guy ever wanted. I 
don't agree with the X libs argument. If those other X libs read deltaspike 
configuration, well then that's up to them... 

In practice there is NO way to hide this info from code which is running on 
your server. Well you could activate the SecurityManager, but then 99% of all 
apps would even refuse to start... It doesn't care at all whether you have it 
store symmetrically encrypted or not. At some point in time you need to uncrypt 
it. End then you have all the pwd in plaintext as well. 

Once again: the only way which would technologically be valid is to use Java 
PKI and just utilize the private key stored in the OS or some HSM. But this 
would need the transport to support it. It would work for https, but e.g. not 
for SOAP WS-Security (regardless if https or http), nor for many other login 
mechanism.

Proposed solution: 
I like Romains idea with the SPI. What about an interface 'ConfigFilter' which 
provides 2 different methods, one for 'real' and the other one for 
'logged'/'masked' values?
This ConfigFilter class could e.g. also used to transparently do the symmetric 
decryption for configuration which gets stored encrypted.
                
> mask out passwords and other credentials
> ----------------------------------------
>
>                 Key: DELTASPIKE-382
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-382
>             Project: DeltaSpike
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 0.4
>            Reporter: Mark Struberg
>            Assignee: Mark Struberg
>             Fix For: 0.5
>
>
> Our configuration mechanism currently logs all the configured values.
> This makes it hard to use it for passwords and stuff.
> I suggest we introduce some specific prefix property to configure configs 
> which contain sensitive information.
> For the key 'some.random.password' this could look like:
> deltaspike_config.mask.some.random.password=true
> In the log we would in this case just output the information whether and 
> where we did find some value, but not print the details for all configs which 
> start with all of the configured masks.
> I'm not yet sure though how to configure this best. Suggestions appreciated!

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to