Except that Credentials should never be logged, or if there are loggable credentials (X509) then there should be a subtype of (maybe) LoggableCredentials with a getLogData() method that allows a Credentials object to provide safe log data. Yes I know that the current Credentials objects like UsernamePasswordCredentials have toString() methods that don't expose the password, but it is only a convention that logging necessarily generates a character file by toString(). In the abstract, a Log4J appender can append raw objects to a file, and it just happens that the most commonly used log files turn everything into text. Even if the core credential objects try to be safe, we should use a belt and suspenders on this one and never pass credential objects to anything, even a logger, but only pass sanitized objects that the Credentials object tell us is safe.
As a fallback, log credential.toString() and not credential itself. From: [email protected] [mailto:[email protected]] On Behalf Of Scott Battaglia Sent: Monday, February 02, 2009 11:21 AM To: Mailing list for CAS developers Subject: Re: [cas-dev] Logging in CAS4 Thanks! So it looks like at the INFO level, we should be logging all the interface calls for CentralAuthenticationService (and the params, return values).
_______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
