If you have full rights about your logger configuration you can either write your own Renderer(s) which filters out the sensitive information within one log statement, or you apply a self written Filter in order to block the log statement entirely if it contains sensitive information. Heri
> -----Original Message----- > From: Terry Mah [mailto:[email protected]] > Sent: Tuesday, May 18, 2010 9:31 PM > To: Nikolas Nikou; Log4J Developers List > Subject: Re: Password obfuscation > > Hello, > Thanks for your suggestion. I agree one way to encypt the fields is on the > incoming request. That > way if we output the request to log, then fields would already be encrypted. > The issue is that the > requests are coming from a third party and they have already stated that they > do not want to encrypt > the fields. We are using SSL so their already is a level of encryption at > the transport layer and > they do not want to have to encrypt individual fields within the request. > > Thanks, > > Terry > > > > > ----- Original Message ---- > From: Nikolas Nikou <[email protected]> > To: Log4J Developers List <[email protected]> > Sent: Tue, May 18, 2010 1:18:54 PM > Subject: Re: Password obfuscation > > Hi Terry, > I don't know how your system works but here is an idea, > why don't you encrypt sensitive information over the net? > Nikolas > > στις 18/5/2010 5:39 μμ, O/H Terry Mah έγραψε: > > Hello, > > I do not have any experience in development within log4j, but I am > > wondering if you could point me > in the right direction. Currently we are using jetty and axis2 for our SOAP > server. > > > > We have a need to NOT log any information if it is a password or account > > ID. Since log4j is mostly > used for SOAP requests all passwords and account ID's should follow a basic > set of rules. (i.e. > contained within a SOAP envelope, XML, etc). > > > > Is there a feasible solution where I code alter the log4j code such that I > > don't have to modify any > other 3rd party app to achieve my goal? > > > > Thanks for the assistance. > > > > Terry > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
