Yes I think the point was conveyed clearly. I agree on both accounts.

Chris

On Wed, Feb 9, 2011 at 6:50 PM, Dheeraj Goswami <[email protected]> wrote:
> a) I think it is obvious that security sensitive information like password
> should never be used in toString or should never be logged etc.
> b) But his question is still valid and that is - "Is there a way to control
> the toString() in thrift"
> Looks like we are mixing a) & b)
>
> cheers,
>
> --dheeraj
>
> --- On Wed, 2/9/11, Chris Morgan <[email protected]> wrote:
>
> From: Chris Morgan <[email protected]>
> Subject: Re: how to avoid a password field in toString
> To: "[email protected]" <[email protected]>
> Date: Wednesday, February 9, 2011, 3:40 PM
>
> Josh is pointing you in the right direction. You should hash the password.
>
> What kind of system is this? Security has to be considered from end to
> end. Are you communicating between two systems? Who are you worried
> about calling tostring()?
>
> Chris
>
>
> On Feb 9, 2011, at 6:10 PM, si chen <[email protected]> wrote:
>
>> Thanks, Josh.
>> Generally, is there a way we can control how thrift generates the toString
>> method?
>>
>> On Wed, Feb 9, 2011 at 3:04 PM, Joshua Kehn <[email protected]> wrote:
>>
>>> My solution would be to not pass a password around in plaintext.
>>>
>>> Regards,
>>>
>>> -Josh
>>> ____________________________________
>>> Joshua Kehn | [email protected]
>>> "Wielder of the Programming Broomstick"
>>>
>>> On Feb 9, 2011, at 6:03 PM, si chen wrote:
>>>
>>>> Hi
>>>> I am using thrift to pass a struct like below:
>>>>
>>>> struct User {
>>>>   1: string user;
>>>>   2: string password;
>>>> }
>>>>
>>>> It works as expected, however, the "toString" method generated by thrift
>>>> always adds the password field in plain text, how can I instruct thrift NOT
>>>> to include password field in toString method? I mean, if I log the struct, I
>>>> don't want to see the password being printed to log in plain text.
>>>>
>>>> User u = new User();
>>>> u.setUser("user");
>>>> u.setPassword("1234");
>>>> log.info(u);
>>>>
>>>> Thanks
>>>> Si
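
An added example, not part of the original thread and not Thrift's own code: one way to keep the password out of logs without changing the generated class is to log a small wrapper that prints only allow-listed fields. The `User` class below is a stand-in for the generated struct (its `toString()` format is an assumption), and `UserLogView` is a hypothetical helper name.

```java
import java.util.logging.Logger;

public class RedactedLogging {
    // Stand-in for the Thrift-generated class. Assumption: the real generated
    // toString() prints every field, as described in the thread.
    static class User {
        private String user;
        private String password;
        void setUser(String v) { user = v; }
        void setPassword(String v) { password = v; }
        String getUser() { return user; }
        String getPassword() { return password; }
        @Override public String toString() {
            return "User(user:" + user + ", password:" + password + ")";
        }
    }

    // Hypothetical log view: builds the log text from an explicit allow-list
    // of getters, so a field added to the struct later is not logged by default.
    static final class UserLogView {
        private final User u;
        UserLogView(User u) { this.u = u; }
        @Override public String toString() {
            // Only reveal whether a password is present, never its value.
            String pw = (u.getPassword() == null) ? "<unset>" : "<redacted>";
            return "User(user:" + sanitize(u.getUser()) + ", password:" + pw + ")";
        }
        // Replace CR/LF so a user-controlled name cannot forge extra log lines.
        private static String sanitize(String s) {
            return s == null ? "null" : s.replaceAll("[\\r\\n]", "_");
        }
    }

    public static void main(String[] args) {
        Logger log = Logger.getLogger("example");
        User u = new User();
        u.setUser("user");
        u.setPassword("1234"); // sample value from the thread
        // Log the view, never the struct itself.
        log.info(String.valueOf(new UserLogView(u)));
    }
}
```

This only covers call sites that use the wrapper; any code that still passes the struct itself to the logger will print the generated `toString()` output.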
