On 15-04-2009 at 10:09, Stone, Timothy wrote:
> While I do not have a solution to pass along, I have suggestion based on
> what we use here: a field annotation.
>
> @Secure for example prints on the object's toString method the last four
> digits of an SSN.
>
> Conceivably, one could have a @PasswordSecure annotation on the field
> that simply masks the whole field with "*" in the log.
I see several problems with this. And it's not just from Richard's collected
wisdom ("I don't want to get in the business of trying to stop folks from
failing. It is way too much work and never pays off :D").
My gripeѕ:
1. Don't be patronizing to your users.
Example: a kitchen knife is used by far the most for benign purposes, i.e.
making food. Only in very few cases is it used to murder someone. Thus,
kitchen knives are not forbidden.
In the same spirit, trust your customers to handle their own
responsibilities. I.e., trust them to set the log level on production servers
to INFO or higher.
2. A secure application is auditable.
Not logging passwords is only the beginning. There is a lot of privacy
sensitive data that you may want to exclude from the log as well, such as
SSN's, medical information, financial information, etc.
But beware: due to legal requirements, many large systems absolutely MUST
be auditable. Especially for large organizations, and even more so for
banks and (semi) government organizations. Suppressing such log info with no
way to unsuppress it can cost you your job faster than you can say "sorry".
3. @Secure is a VERY bad name (minor/trivial issue).
Over time, I've seen an @Secure annotation used for:
- Encryption
- Access Controls
- Authentication
- Really, really ensuring information is kept, using redundancy
- Hiding log info, i.e. ensuring information is lost to all but one place
Obviously, the term "secure" has too many meanings.
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( I love deadlines. I like the whooshing sound they make as they fly
=/ () by. -- Douglas Adams
------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
