> we should use a belt and suspenders on this one and never pass
> credential objects to anything, even a logger, but only pass sanitized
> objects that the Credentials object tells us is safe.

I like the idea of passing a safe string representation of a credential to the logging infrastructure, e.g. CredentialString. It's difficult to imagine, though, how the conversion to such an object would occur via an aspect on a method that is given a Credential to begin with. I don't think there's anything to be gained from subclassing Credential or a separate getLogData method, because you're still passing the complete credential to other components. You gain nothing over a well-behaved toString method in those cases.

M

_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
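
An added example, not part of the original message and not CAS code: a credential with a well-behaved toString, passed through a logging interceptor (a java.lang.reflect.Proxy standing in for the aspect discussed above) that still receives the complete credential object. The class, interface and method names are hypothetical, and the password is a constructed sample value.

```java
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SafeToStringDemo {
    // Hypothetical credential type; not the CAS class.
    static final class UsernamePasswordCredential {
        private final String username;
        private final char[] password;
        UsernamePasswordCredential(String username, char[] password) {
            this.username = username;
            this.password = password.clone();
        }
        char[] getPassword() { return password.clone(); }
        // Well-behaved toString: identifies the principal, never the secret.
        @Override public String toString() { return "[username: " + username + "]"; }
    }

    interface Authenticator { boolean authenticate(UsernamePasswordCredential c); }

    // Stand-in for the logging backend, so the logged line can be inspected.
    static final List<String> LOG = new ArrayList<>();

    // Stand-in for a logging aspect: it is handed the full credential object
    // but records each argument only through its toString().
    static Authenticator withCallLogging(Authenticator target) {
        return (Authenticator) Proxy.newProxyInstance(
            Authenticator.class.getClassLoader(),
            new Class<?>[] { Authenticator.class },
            (proxy, method, callArgs) -> {
                LOG.add(method.getName() + Arrays.toString(callArgs));
                return method.invoke(target, callArgs);
            });
    }

    public static void main(String[] args) {
        char[] secret = "constructed-sample-pw".toCharArray(); // constructed sample value
        Authenticator real = c -> Arrays.equals(c.getPassword(), secret);
        Authenticator logged = withCallLogging(real);
        boolean ok = logged.authenticate(new UsernamePasswordCredential("alice", secret));
        String line = LOG.get(0);
        System.out.println(line + " -> " + ok);
        // The interceptor saw the whole object, yet the log line holds no secret.
        if (line.contains("constructed-sample-pw")) throw new AssertionError("secret leaked");
    }
}
```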
