Remko,

To implement this I think I need to modify all my Java classes to define
Marker? Is my understanding correct?

Thank you,
Sai



On Tue, Jan 21, 2014 at 6:57 PM, Remko Popma <remko.po...@gmail.com> wrote:

> You could use Markers (
> http://logging.apache.org/log4j/2.x/manual/markers.html ) to mark log
> events that may contain sensitive information:
>
> logger.debug(MARKER_SECURITY_RISK, request.toString());
>
> Then, in your log4j2.xml, you can use MarkerFilter (
> http://logging.apache.org/log4j/2.x/manual/filters.html#MarkerFilter ) to
> ignore such log events or send them to a special file that the application
> has write-only access to, and which only admins can read.
>
> Would that work?
>
>
> On Wednesday, January 22, 2014, Saibabu Vallurupalli <
> saibabu.vallurupa...@gmail.com> wrote:
>
>> So, we wanted to inspect the message which is getting logged out to avoid
>> possible security issues. So, what exactly I am looking for is if I wanted to
>> add a restriction on what's been logged. How can I achieve this?
>>
>> For example: log.info("user name"+username+"Password"+password); // This
>> is just an example if I see a message having password do not log it or take
>> some action.
>>
>> Please advise.
>>
>> Thank you,
>> Sai
>>
>>
>> On Tue, Jan 21, 2014 at 5:12 PM, Remko Popma <remko.po...@gmail.com> wrote:
>>
>>> Sorry, but I have no idea what you mean by "neutralize out".
>>> What is currently happening and what would you like to happen instead?
>>>
>>>
>>> > On 2014/01/22, at 6:29, Saibabu Vallurupalli <
>>> saibabu.vallurupa...@gmail.com> wrote:
>>> >
>>> > Hi,
>>> >
>>> > I am working on an issue related to logging. In our application we are
>>> using log4j for logging and we detected our software doesn't neutralize out
>>> properly. Now, is there any way without modifying the entire source by
>>> going through each and every class we can achieve this functionality of
>>> inspecting the message getting logged and taking appropriate action?
>>> >
>>> > We appreciate your support.
>>> >
>>> > Thank you,
>>> > Sai
>>> >
>>>
>>>
>>>
>>

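Added example, not part of the original thread and not the Log4j project's own configuration: a log4j2.xml that applies the MarkerFilter routing described in Remko's reply, dropping marked events from the general log and sending them only to a separate file. The marker name SECURITY_RISK, the appender names and the file paths are assumptions; read access to the sensitive file is restricted with OS file permissions, which Log4j does not set.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumption: call sites log with a marker named SECURITY_RISK, e.g.
     MarkerManager.getMarker("SECURITY_RISK") held in one shared constant. -->
<Configuration status="warn">
  <Appenders>
    <!-- General log: every event carrying the marker is dropped here. -->
    <File name="App" fileName="logs/app.log">
      <MarkerFilter marker="SECURITY_RISK" onMatch="DENY" onMismatch="NEUTRAL"/>
      <PatternLayout pattern="%d %-5p %c - %m%n"/>
    </File>
    <!-- Restricted log: only marked events are accepted. The path is a
         placeholder; make the file readable by admins only at the OS level. -->
    <File name="Sensitive" fileName="logs/sensitive.log">
      <MarkerFilter marker="SECURITY_RISK" onMatch="ACCEPT" onMismatch="DENY"/>
      <PatternLayout pattern="%d %-5p %c %marker - %m%n"/>
    </File>
  </Appenders>
  <Loggers>
    <Root level="debug">
      <AppenderRef ref="App"/>
      <AppenderRef ref="Sensitive"/>
    </Root>
  </Loggers>
</Configuration>
```

The filter keys on the marker, not on the message text, so a call that was never given the marker, such as the `log.info` example quoted in the thread, still reaches `app.log`.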