a) I think it is obvious that security-sensitive information like passwords 
should never be used in toString, should never be logged, etc.
b) But his question is still valid, and that is: "Is there a way to control the 
toString() in thrift?"
Looks like we are mixing a) & b).

cheers,

--dheeraj

--- On Wed, 2/9/11, Chris Morgan <[email protected]> wrote:

From: Chris Morgan <[email protected]>
Subject: Re: how to avoid a password field in toString
To: "[email protected]" <[email protected]>
Date: Wednesday, February 9, 2011, 3:40 PM

Josh is pointing you in the right direction. You should hash the password.

What kind of system is this? Security has to be considered from end to
end. Are you communicating between two systems? Who are you worried
about calling toString()?

Chris


On Feb 9, 2011, at 6:10 PM, si chen <[email protected]> wrote:

> Thanks, Josh.
> Generally, is there a way we can control how thrift generates the toString
> method?
>
> On Wed, Feb 9, 2011 at 3:04 PM, Joshua Kehn <[email protected]> wrote:
>
>> My solution would be to not pass a password around in plaintext.
>>
>> Regards,
>>
>> -Josh
>> ____________________________________
>> Joshua Kehn | [email protected]
>> "Wielder of the Programming Broomstick"
>>
>> On Feb 9, 2011, at 6:03 PM, si chen wrote:
>>
>>> Hi
>>> I am using thrift to pass a struct like below:
>>>
>>> struct User {
>>> 1: string user;
>>> 2: string password;
>>> }
>>>
>>> It works as expected; however, the "toString" method generated by thrift
>>> always adds the password field in plain text. How can I instruct thrift NOT
>>> to include the password field in the toString method? I mean, if I log the
>>> struct, I don't want to see the password being printed to the log in plain
>>> text.
>>>
>>> User u = new User();
>>> u.setUser("user");
>>> u.setPassword("1234");
>>> log.info(u);
>>>
>>> Thanks
>>> Si
>>
>>
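
One way to keep the password out of log output at the logging boundary, whatever the generated toString() prints. This is an added example, not code from the thread or from Thrift: the `User` class is a hand-written stand-in for the generated one (its getters are an assumption), and `forLog` and `SENSITIVE` are hypothetical names.

```java
import java.lang.reflect.Method;
import java.util.Locale;
import java.util.Set;
import java.util.TreeMap;

public class RedactedLogging {
    // Stand-in for the Thrift-generated User class (assumption: only its
    // getters, setters and password-printing toString() matter here).
    public static class User {
        private String user, password;
        public void setUser(String v) { user = v; }
        public void setPassword(String v) { password = v; }
        public String getUser() { return user; }
        public String getPassword() { return password; }
        @Override public String toString() {
            return "User(user:" + user + ", password:" + password + ")";
        }
    }
    // Property names that must never reach a log line (constructed list).
    static final Set<String> SENSITIVE = Set.of("password", "secret", "token");

    // Hypothetical helper: wraps a bean so toString() prints its public getters
    // with sensitive ones masked. Rendering happens only when the logger formats it.
    static Object forLog(Object bean) {
        return new Object() {
            @Override public String toString() {
                TreeMap<String, Object> fields = new TreeMap<>();  // stable field order
                for (Method m : bean.getClass().getMethods()) {
                    String n = m.getName();
                    if (!n.startsWith("get") || n.length() == 3
                            || m.getParameterCount() != 0 || n.equals("getClass")) continue;
                    String prop = Character.toLowerCase(n.charAt(3)) + n.substring(4);
                    boolean secret = SENSITIVE.contains(prop.toLowerCase(Locale.ROOT));
                    try {
                        fields.put(prop, secret ? "<redacted>" : m.invoke(bean));
                    } catch (ReflectiveOperationException e) {
                        fields.put(prop, "<unreadable>");  // never fall back to toString()
                    }
                }
                return bean.getClass().getSimpleName() + fields;
            }
        };
    }
    public static void main(String[] args) {
        User u = new User();
        u.setUser("user");
        u.setPassword("1234");
        System.out.println(u);          // generated-style output, password included
        System.out.println(forLog(u));  // redacted view, safe to hand to a logger
    }
}
```

With the logger from the original post, the call becomes `log.info(forLog(u))` instead of `log.info(u)`.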
