[ https://issues.apache.org/jira/browse/OPENJPA-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dick updated OPENJPA-1678:
----------------------------------

    Attachment: OPENJPA-1678-openjpa.CFProps.1.2.x.patch.txt
                OPENJPA-1678-openjpa.Log.1.2.x.patch.txt

I've tried it two ways. One uses openjpa.Log to control whether parameters are 
printed, the other uses openjpa.ConnectionFactoryProperties. 

The openjpa.Log approach is just a proof of concept. The changes will have to 
ripple through to any of our LogFactory classes -  I just skipped that and cast 
to LogFactoryImpl. 

The openjpa.CFProperties approach is a bit leaner and less intrusive (I'm 
leaning this way at the moment).

> SQL Parameter values may contain sensitive information and should not be 
> logged by default.
> -------------------------------------------------------------------------------------------
>
>                 Key: OPENJPA-1678
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-1678
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 1.0.3, 1.1.0, 1.2.2, 2.0.0, 2.1.0
>            Reporter: Michael Dick
>            Assignee: Michael Dick
>             Fix For: 1.0.4, 1.2.3, 2.0.1, 2.1.0
>
>         Attachments: OPENJPA-1678-openjpa.CFProps.1.2.x.patch.txt, 
> OPENJPA-1678-openjpa.Log.1.2.x.patch.txt
>
>
> The values for parameters used in our SQL statements may contain sensitive 
> information (e.g. social security numbers). By default these values are 
> printed in the exception message and in SQL trace. Having the values printed 
> can be a great help when debugging an application - but presents a risk when 
> used in production. 
> To resolve the issue I propose to disable printing the parameter values by 
> default. The parameter values will still be tracked internally - but will not 
> be displayed in exception messages or trace unless the following property is 
> set:
> <property name="openjpa.ConnectionFactoryProperties" 
> value="printParameters=true"/>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
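
An added sketch of the behaviour proposed in the quoted issue description, not OpenJPA code and not taken from either attached patch: parameter values stay tracked internally but are left out of trace and exception text unless `printParameters=true` is set. The class name, method names, case-insensitive key matching and the sample SQL and value are assumptions made for this illustration.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration; class and method names are hypothetical, not OpenJPA's.
public class ParameterLogDemo {

    // Parse a comma-separated key=value string in the style of
    // openjpa.ConnectionFactoryProperties. Anything other than an explicit
    // printParameters=true keeps values hidden (secure by default).
    static boolean printParameters(String cfProps) {
        if (cfProps == null) return false;
        for (String pair : cfProps.split(",")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].trim().equalsIgnoreCase("printParameters")) {
                return Boolean.parseBoolean(kv[1].trim());
            }
        }
        return false;
    }

    // The values are always held in 'params' (tracked internally); only the
    // rendered text changes. The count is still shown to help debugging.
    static String describe(String sql, List<?> params, boolean print) {
        StringBuilder sb = new StringBuilder(sql).append(" [params=");
        if (print) {
            sb.append(params);
        } else {
            sb.append(params.size()).append(" value(s) hidden");
        }
        return sb.append(']').toString();
    }

    public static void main(String[] args) {
        String sql = "SELECT t.id FROM Person t WHERE t.ssn = ?";
        // Constructed sample value standing in for sensitive data.
        List<Object> params = Arrays.<Object>asList("000-00-0000");

        // Default: property absent, so neither trace nor exception text
        // contains the value.
        boolean off = printParameters(null);
        System.out.println("trace: " + describe(sql, params, off));
        Exception e = new IllegalStateException(describe(sql, params, off));
        System.out.println("error: " + e.getMessage());

        // Explicit opt-in for debugging.
        boolean on = printParameters("printParameters=true");
        System.out.println("trace: " + describe(sql, params, on));
    }
}
```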
