No.

On Wed, Feb 9, 2011 at 3:55 PM, si chen <[email protected]> wrote:
> Exactly, let's forget about the password. Is there a way to control how
> thrift generates toString?
>
> On Wed, Feb 9, 2011 at 3:50 PM, Dheeraj Goswami <[email protected]> wrote:
>
> > a) I think it is obvious that security sensitive information like password
> > should never be used in toString or should never be logged etc.
> > b) But his question is still valid and that is - "Is there a way to control
> > the toString() in thrift"
> > Looks like we are mixing a) & b)
> >
> > cheers,
> >
> > --dheeraj
> >
> > --- On Wed, 2/9/11, Chris Morgan <[email protected]> wrote:
> >
> > From: Chris Morgan <[email protected]>
> > Subject: Re: how to avoid a password field in toString
> > To: "[email protected]" <[email protected]>
> > Date: Wednesday, February 9, 2011, 3:40 PM
> >
> > Josh is pointing you in the right direction. You should hash the password.
> >
> > What kind of system is this? Security has to be considered from end to
> > end. Are you communicating between two systems? Who are you worried
> > about calling tostring()?
> >
> > Chris
> >
> >
> > On Feb 9, 2011, at 6:10 PM, si chen <[email protected]> wrote:
> >
> > > Thanks, Josh.
> > > Generally, is there a way we can control how thrift generates toString
> > > method?
> > >
> > > On Wed, Feb 9, 2011 at 3:04 PM, Joshua Kehn <[email protected]> wrote:
> > >
> > >> My solution would be to not pass a password around in plaintext.
> > >>
> > >> Regards,
> > >>
> > >> -Josh
> > >> ____________________________________
> > >> Joshua Kehn | [email protected]
> > >> "Wielder of the Programming Broomstick"
> > >>
> > >> On Feb 9, 2011, at 6:03 PM, si chen wrote:
> > >>
> > >>> Hi
> > >>> I am using thrift to pass a struct like below:
> > >>>
> > >>> struct User {
> > >>>   1: string user;
> > >>>   2: string password;
> > >>> }
> > >>>
> > >>> It works as expected, however, the "toString" method generated by thrift
> > >>> always adds the password field in plain text, how can I instruct thrift NOT
> > >>> to include password field in toString method? I mean, if I log the struct, I
> > >>> don't want to see the password being printed to log in plain text.
> > >>>
> > >>> User u = new User();
> > >>> u.setUser("user");
> > >>> u.setPassword("1234");
> > >>> log.info(u);
> > >>>
> > >>> Thanks
> > >>> Si
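Since the generator offers no switch for this, one mitigation is to keep the generated struct out of log calls and log a redacting wrapper instead. The sketch below is an added example, not part of the original thread or of Thrift itself: the nested User class is a constructed stand-in for the generated one (its toString() format is an assumption), and LogSafeUser is a hypothetical name.

```java
public class RedactedLogging {
    // Constructed stand-in for the Thrift-generated User class. The
    // toString() format is an assumption; the point is that it prints
    // every field, including the password.
    static class User {
        private String user;
        private String password;
        void setUser(String v) { user = v; }
        void setPassword(String v) { password = v; }
        String getUser() { return user; }
        String getPassword() { return password; }
        @Override public String toString() {
            return "User(user:" + user + ", password:" + password + ")";
        }
    }

    // Hypothetical wrapper: the only thing handed to the logger. It
    // formats non-sensitive fields itself and never calls the wrapped
    // object's toString(), so new sensitive fields stay out by default.
    static final class LogSafeUser {
        private final User u;
        LogSafeUser(User u) { this.u = u; }
        @Override public String toString() {
            if (u == null) {
                return "User(null)";
            }
            // Show only whether a password is set, never its value or length.
            String pw = (u.getPassword() == null) ? "<unset>" : "<redacted>";
            return "User(user:" + u.getUser() + ", password:" + pw + ")";
        }
    }

    public static void main(String[] args) {
        User u = new User();
        u.setUser("user");
        u.setPassword("1234");

        // Leaks the secret, like log.info(u) in the original question.
        System.out.println("generated toString: " + u);
        // Safe form; with a real logger this would be log.info(new LogSafeUser(u)).
        System.out.println("wrapped for logging: " + new LogSafeUser(u));
    }
}
```

The wrapper only protects call sites that use it: string concatenation, exception messages and debugger output still go through the generated toString().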
