Re: how to prevent logging passwords in request and sessionparams?
Barbara Post wrote: second question : yes : see rotation tag in WEB-INF/logkit.xconf. First question: use log categories. Change log level for category where username/pwd are logged.If this is sitemap component, you can even assign it separate log category. Vadim Babs - Original Message - From: Timothy Larson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 19, 2002 6:17 PM Subject: how to prevent logging passwords in request and sessionparams? How do you prevent logging of passwords held in request parameters and session attributes? I do not want to turn off logging completely. By the way, is there any sort of automated log rotation for cocoon to prevent the logs getting too big? Tim - Please check that your question has not already been answered in the FAQ before posting. http://xml.apache.org/cocoon/faq/index.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to prevent logging passwords in request andsessionparams?
Thank you both. I now have the logs rotating, and think I understand the log categories, but there is still one problem. It would be helpfull if the request parameters and session attributes were logged, but with certain ones not showing their values. For example: SESSION ATTRIBUTES: PARAM: 'username' VALUE: 'tdlarson' PARAM: 'password' VALUE: '*' Ideally, I would want to be able to specify which sensitive parameters and attributes to hide the values of, possibly using wildcards. Any ideas how to do this? Tim [EMAIL PROTECTED] 09/20/02 09:50AM Barbara Post wrote: second question : yes : see rotation tag in WEB-INF/logkit.xconf. First question: use log categories. Change log level for category where username/pwd are logged.If this is sitemap component, you can even assign it separate log category. Vadim Babs - Original Message - From: Timothy Larson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 19, 2002 6:17 PM Subject: how to prevent logging passwords in request and sessionparams? How do you prevent logging of passwords held in request parameters and session attributes? I do not want to turn off logging completely. By the way, is there any sort of automated log rotation for cocoon to prevent the logs getting too big? Tim - Please check that your question has not already been answered in the FAQ before posting. http://xml.apache.org/cocoon/faq/index.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to prevent logging passwords in request and sessionparams?
Hi Timothy, On Fri, Sep 20, 2002 at 11:43:48AM -0400, Timothy Larson wrote: It would be helpfull if the request parameters and session attributes were logged, but with certain ones not showing their values. For example: SESSION ATTRIBUTES: PARAM: 'username' VALUE: 'tdlarson' PARAM: 'password' VALUE: '*' Ideally, I would want to be able to specify which sensitive parameters and attributes to hide the values of, possibly using wildcards. Any ideas how to do this? To do this you probably need to write your own logkit filter to check the LogEvent for these strings and modify them if needed: http://jakarta.apache.org/avalon/logkit/api/org/apache/log/filter/package-summary.html Cheers, Marcus -- . ,,$, Marcus Crafter ;$' ':Computer Systems Engineer $: : ManageSoft GmbH $ o_)$$$: 82-84 Mainzer Landstrasse ;$,_/\ :' 60327 Frankfurt Germany ' /( \_' . : - Please check that your question has not already been answered in the FAQ before posting. http://xml.apache.org/cocoon/faq/index.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to prevent logging passwords in request and sessionparams?
second question : yes : see rotation tag in WEB-INF/logkit.xconf. Babs - Original Message - From: Timothy Larson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 19, 2002 6:17 PM Subject: how to prevent logging passwords in request and sessionparams? How do you prevent logging of passwords held in request parameters and session attributes? I do not want to turn off logging completely. By the way, is there any sort of automated log rotation for cocoon to prevent the logs getting too big? Tim - Please check that your question has not already been answered in the FAQ before posting. http://xml.apache.org/cocoon/faq/index.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Please check that your question has not already been answered in the FAQ before posting. http://xml.apache.org/cocoon/faq/index.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
