Hello, Thanks for your suggestion. I agree one way to encypt the fields is on the incoming request. That way if we output the request to log, then fields would already be encrypted. The issue is that the requests are coming from a third party and they have already stated that they do not want to encrypt the fields. We are using SSL so their already is a level of encryption at the transport layer and they do not want to have to encrypt individual fields within the request.
Thanks, Terry ----- Original Message ---- From: Nikolas Nikou <[email protected]> To: Log4J Developers List <[email protected]> Sent: Tue, May 18, 2010 1:18:54 PM Subject: Re: Password obfuscation Hi Terry, I don't know how your system works but here is an idea, why don't you encrypt sensitive information over the net? Nikolas στις 18/5/2010 5:39 μμ, O/H Terry Mah έγραψε: > Hello, > I do not have any experience in development within log4j, but I am wondering > if you could point me in the right direction. Currently we are using jetty > and axis2 for our SOAP server. > > We have a need to NOT log any information if it is a password or account ID. > Since log4j is mostly used for SOAP requests all passwords and account ID's > should follow a basic set of rules. (i.e. contained within a SOAP envelope, > XML, etc). > > Is there a feasible solution where I code alter the log4j code such that I > don't have to modify any other 3rd party app to achieve my goal? > > Thanks for the assistance. > > Terry > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
