Hi --

I'm fairly new to Camel, but my impression is that URIs with sensitive data are 
common and that URIs are frequently logged. I bumped into this myself most 
recently with an FTP consumer. I ended up with log messages like this:

RemoteFileProducer 2010-08-31 16:21:45,459 -- INFO -- Connected and logged in to: Endpoint[sftp://myusern...@my.host.name/var/my/path?fileName=myFile.txt&password=yikesMyPassword]

I propose a sane-defaults patch of modifying DefaultEndpoint.java's toString to 
sanitize the URI by looking for URI params containing the tokens "password" or 
"passphrase" and rendering their value as "*******" instead of the actual 
value. Obviously this isn't always the right thing to do in every situation, 
but it seems appropriate for many endpoints. Any for which it is not 
appropriate could override toString.

If folks like this idea I have a patch I'm happy to submit.

http://github.com/lorrin/camel/commit/a8719ccde91c438f95ed173be1e2405d96b8b13d

Cheers
-Lorrin
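
An added illustration of the masking rule proposed in the message above (not part of the original post and not the code from the linked commit): a stand-alone Java helper that replaces the value of any URI parameter whose name contains "password" or "passphrase" with "*******". The class name UriSanitizer, the method name sanitize and the sample URIs are hypothetical and constructed for this example.

```java
import java.util.regex.Pattern;

public class UriSanitizer {
    // Matches "?name=value" or "&name=value" where the parameter NAME contains
    // "password" or "passphrase" (case-insensitive). Group 1 captures the
    // separator, the name and the "=" so they can be kept; the value is dropped.
    // The name part excludes "=" and "&", so a secret-looking word inside a
    // VALUE (e.g. fileName=password.txt) does not trigger masking.
    private static final Pattern SECRET_PARAM = Pattern.compile(
            "([?&][^=&]*(?:password|passphrase)[^=&]*=)[^&]*",
            Pattern.CASE_INSENSITIVE);

    /** Returns the URI with the values of secret-looking parameters masked. */
    public static String sanitize(String uri) {
        if (uri == null) {
            return null;
        }
        return SECRET_PARAM.matcher(uri).replaceAll("$1*******");
    }

    public static void main(String[] args) {
        // Constructed sample URIs; hosts, users and parameter values are made up.
        String[] samples = {
            "sftp://user@host.example/var/my/path?fileName=myFile.txt&password=yikesMyPassword",
            "sftp://user@host.example/inbox?keyPassphrase=s3cret&delay=5000",
            "ftp://user@host.example/out?fileName=password.txt&binary=true",
            // Not covered by a parameter-name rule: a secret in the userinfo part.
            "ftp://user:inlineSecret@host.example/out?binary=true"
        };
        for (String s : samples) {
            // Mimics the Endpoint[...] rendering seen in the log line.
            System.out.println("Endpoint[" + sanitize(s) + "]");
        }
    }
}
```

The last sample shows a limit of matching on parameter names only: a password placed in the user:password@host part of the URI is printed unchanged, so an endpoint that accepts credentials there needs its own handling.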
