Re: how to prevent logging passwords in request and sessionparams?

2002-09-20 Thread Marcus Crafter

Hi Timothy,

On Fri, Sep 20, 2002 at 11:43:48AM -0400, Timothy Larson wrote:
> It would be helpful if the request parameters and session attributes
> were logged, but with certain ones not showing their values.
> 
> For example:
>   SESSION ATTRIBUTES:
>     PARAM: 'username' VALUE: 'tdlarson'
>     PARAM: 'password' VALUE: '*'
> 
> Ideally, I would want to be able to specify which sensitive parameters
> and attributes to hide the values of, possibly using wildcards.
> Any ideas how to do this?

To do this you probably need to write your own logkit filter to
check the LogEvent for these strings and modify them if needed:

http://jakarta.apache.org/avalon/logkit/api/org/apache/log/filter/package-summary.html

Cheers,

Marcus

-- 
Marcus Crafter
Computer Systems Engineer
ManageSoft GmbH
82-84 Mainzer Landstrasse
60327 Frankfurt Germany

-
Please check that your question  has not already been answered in the
FAQ before posting. 

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>
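
The masking step such a filter would apply, as an added example that is not part of the original thread or of LogKit's own code: it rewrites lines in the `PARAM: '...' VALUE: '...'` format quoted above, hiding values whose parameter name matches a wildcard list. The class name, the wildcard syntax and the sample message are assumptions; wiring it into a LogKit filter that reads and rewrites the LogEvent message is not shown.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: masks values of sensitive PARAM/VALUE lines in a log message. */
public class SensitiveValueMasker {
    // Line format quoted in the thread. Assumes one pair per line: the value runs to
    // end of line, so a quote inside a password cannot leave part of it unmasked.
    private static final Pattern PAIR = Pattern.compile("(PARAM: '([^']*)' VALUE: ').*");
    private final List<Pattern> sensitive = new ArrayList<>();

    /** Each glob may use '*' as a wildcard (e.g. "*pass*"); case is ignored. */
    public SensitiveValueMasker(String... globs) {
        for (String glob : globs) {
            StringBuilder re = new StringBuilder();
            String[] parts = glob.split("\\*", -1);
            for (int i = 0; i < parts.length; i++) {
                re.append(i > 0 ? ".*" : "").append(Pattern.quote(parts[i]));
            }
            sensitive.add(Pattern.compile(re.toString(), Pattern.CASE_INSENSITIVE));
        }
    }
    private boolean isSensitive(String name) {
        for (Pattern p : sensitive) {
            if (p.matcher(name).matches()) return true;
        }
        return false;
    }

    /** Returns the message with every sensitive value replaced by '*'. */
    public String mask(String message) {
        Matcher m = PAIR.matcher(message);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String line = isSensitive(m.group(2)) ? m.group(1) + "*'" : m.group();
            m.appendReplacement(out, Matcher.quoteReplacement(line));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample message, not taken from a real log.
        String msg = "SESSION ATTRIBUTES:\nPARAM: 'username' VALUE: 'tdlarson'\n"
            + "PARAM: 'password' VALUE: 'it's-a-secret'\nPARAM: 'authToken' VALUE: 'abc123'\n";
        System.out.println(new SensitiveValueMasker("*pass*", "*token*").mask(msg));
    }
}
```

Masking by parameter name only helps where the logger emits this exact line format; values logged in other shapes (query strings, stack traces) pass through unchanged.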




Re: how to prevent logging passwords in request and sessionparams?

2002-09-20 Thread Vadim Gritsenko

Barbara Post wrote:

>second question : yes : see rotation tag in WEB-INF/logkit.xconf.
>

First question: use log categories. Change log level for category where
username/pwd are logged. If this is sitemap component, you can even
assign it separate log category.

Vadim


>Babs
>- Original Message - 
>From: "Timothy Larson" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, September 19, 2002 6:17 PM
>Subject: how to prevent logging passwords in request and sessionparams?
>
>
>How do you prevent logging of passwords held in request parameters
>and session attributes?  I do not want to turn off logging completely.
>
>By the way, is there any sort of automated log rotation for cocoon
>to prevent the logs getting too big?
>
>Tim
>  
>








Re: how to prevent logging passwords in request and sessionparams?

2002-09-19 Thread Barbara Post

second question : yes : see rotation tag in WEB-INF/logkit.xconf.

Babs
- Original Message - 
From: "Timothy Larson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 19, 2002 6:17 PM
Subject: how to prevent logging passwords in request and sessionparams?


How do you prevent logging of passwords held in request parameters
and session attributes?  I do not want to turn off logging completely.

By the way, is there any sort of automated log rotation for cocoon
to prevent the logs getting too big?

Tim







how to prevent logging passwords in request and sessionparams?

2002-09-19 Thread Timothy Larson

How do you prevent logging of passwords held in request parameters
and session attributes?  I do not want to turn off logging completely.

By the way, is there any sort of automated log rotation for cocoon
to prevent the logs getting too big?

Tim


