Nice answer. My guess would have been no because it's just suppose to handle everything it is given without discrimination.
Regards, -Josh ____________________________________ Joshua Kehn | [email protected] "Wielder of the Programming Broomstick" On Feb 9, 2011, at 6:56 PM, Bryan Duxbury wrote: > No. > > On Wed, Feb 9, 2011 at 3:55 PM, si chen <[email protected]> wrote: > >> Exactly, let's forget about the password. Is there a way to control how >> thrift generate toString? >> >> On Wed, Feb 9, 2011 at 3:50 PM, Dheeraj Goswami <[email protected] >>> wrote: >> >>> a) I think it is obvious that security sensitive information like >> password >>> should never be used in toString or should never be logged etc. >>> b) But his question is still valid and that is - "Is there a way to >> control >>> the toString() in thrift" >>> Looks like we are mixing a) & b) >>> >>> cheers, >>> >>> --dheeraj >>> >>> --- On Wed, 2/9/11, Chris Morgan <[email protected]> wrote: >>> >>> From: Chris Morgan <[email protected]> >>> Subject: Re: how to avoid a password field in toString >>> To: "[email protected]" <[email protected]> >>> Date: Wednesday, February 9, 2011, 3:40 PM >>> >>> Josh is pointing you in the right direction. You should hash the >> password. >>> >>> What kind of system is this? Security has to be considered from end to >>> end. Are you communicating between two systems? Who are you worried >>> about calling tostring()? >>> >>> Chris >>> >>> >>> On Feb 9, 2011, at 6:10 PM, si chen <[email protected]> wrote: >>> >>>> Thanks, Josh. >>>> Generally, is there a way we can control how thrift generate toString >>>> method? >>>> >>>> On Wed, Feb 9, 2011 at 3:04 PM, Joshua Kehn <[email protected]> wrote: >>>> >>>>> My solution would be to not pass a password around in plaintext. >>>>> >>>>> Regards, >>>>> >>>>> -Josh >>>>> ____________________________________ >>>>> Joshua Kehn | [email protected] >>>>> "Wielder of the Programming Broomstick" >>>>> >>>>> On Feb 9, 2011, at 6:03 PM, si chen wrote: >>>>> >>>>>> Hi >>>>>> I am using thrift to pass a struct like below: >>>>>> >>>>>> struct User { >>>>>> 1: string user; >>>>>> 2: string password; >>>>>> } >>>>>> >>>>>> It works as expected, however, the "toString" method generated by >>> thrift >>>>>> always add the password field in plain text, how can I instruct >> thrift >>>>> NOT >>>>>> to include password field in toString method? I mean, if I log the >>>>> struct, I >>>>>> don't want to see the password being printed to log in plain text. >>>>>> >>>>>> User u; >>>>>> u.setUser("user"); >>>>>> u.setPassword("1234"); >>>>>> log.info(u); >>>>>> >>>>>> Thanks >>>>>> Si >>>>> >>>>> >>> >>
