Exactly, let's forget about the password. Is there a way to control how thrift generate toString?
On Wed, Feb 9, 2011 at 3:50 PM, Dheeraj Goswami <[email protected]>wrote: > a) I think it is obvious that security sensitive information like password > should never be used in toString or should never be logged etc. > b) But his question is still valid and that is - "Is there a way to control > the toString() in thrift" > Looks like we are mixing a) & b) > > cheers, > > --dheeraj > > --- On Wed, 2/9/11, Chris Morgan <[email protected]> wrote: > > From: Chris Morgan <[email protected]> > Subject: Re: how to avoid a password field in toString > To: "[email protected]" <[email protected]> > Date: Wednesday, February 9, 2011, 3:40 PM > > Josh is pointing you in the right direction. You should hash the password. > > What kind of system is this? Security has to be considered from end to > end. Are you communicating between two systems? Who are you worried > about calling tostring()? > > Chris > > > On Feb 9, 2011, at 6:10 PM, si chen <[email protected]> wrote: > > > Thanks, Josh. > > Generally, is there a way we can control how thrift generate toString > > method? > > > > On Wed, Feb 9, 2011 at 3:04 PM, Joshua Kehn <[email protected]> wrote: > > > >> My solution would be to not pass a password around in plaintext. > >> > >> Regards, > >> > >> -Josh > >> ____________________________________ > >> Joshua Kehn | [email protected] > >> "Wielder of the Programming Broomstick" > >> > >> On Feb 9, 2011, at 6:03 PM, si chen wrote: > >> > >>> Hi > >>> I am using thrift to pass a struct like below: > >>> > >>> struct User { > >>> 1: string user; > >>> 2: string password; > >>> } > >>> > >>> It works as expected, however, the "toString" method generated by > thrift > >>> always add the password field in plain text, how can I instruct thrift > >> NOT > >>> to include password field in toString method? I mean, if I log the > >> struct, I > >>> don't want to see the password being printed to log in plain text. > >>> > >>> User u; > >>> u.setUser("user"); > >>> u.setPassword("1234"); > >>> log.info(u); > >>> > >>> Thanks > >>> Si > >> > >> >
