[jira] [Commented] (DBCP-519) Add some toString() methods for debugging (never printing passwords)

Thu, 16 Aug 2018 12:51:12 -0700 


    [ 
https://issues.apache.org/jira/browse/DBCP-519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16582995#comment-16582995
 ] 

Phil Steitz commented on DBCP-519:
----------------------------------

Some comments on the implementation
 # usernames are generally also considered security credentials so if these are 
not already exposed, it would probably be good to omit them (i.e. they should 
be looked at as like passwords). That does make the per user pool tostrings 
less useful though.
 # There is no sync control in the builders so returned data may be 
inconsistent (may be a practical non-issue, but might be good to doc)
 # You should check to make sure you have not exposed more info on executing 
SQL than is already available via JMX. That should be discussed if it is the 
case.
 # The setup is nice and clean but I wonder if ongoing maintenance is going to 
be easy (just really asking to look at the impl and think about what 
maintaining it is going to be like as fields are added, etc)

> Add some toString() methods for debugging (never printing passwords)
> --------------------------------------------------------------------
>
>                 Key: DBCP-519
>                 URL: https://issues.apache.org/jira/browse/DBCP-519
>             Project: Commons DBCP
>          Issue Type: Improvement
>            Reporter: Gary Gregory
>            Assignee: Gary Gregory
>            Priority: Major
>             Fix For: 2.6.0
>
>
> Add some toString() methods for debugging never printing passwords:
>  * org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
>  * org.apache.commons.dbcp2.cpdsadapter.PooledConnectionImpl
>  * org.apache.commons.dbcp2.datasources.CPDSConnectionFactory
>  * org.apache.commons.dbcp2.datasources.InstanceKeyDataSource
>  * org.apache.commons.dbcp2.datasources.PerUserPoolDataSource
>  * org.apache.commons.dbcp2.datasources.SharedPoolDataSource
>  * org.apache.commons.dbcp2.datasources.UserPassKey (updated not to print 
> passwords even though it was a char[] reference.)
> I went YAGNI here and only added what I needed.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to