We are happy to apply patches, thanks for the contribution. The proper way though is to create an issue in jira and attach the patch to it. Please check the "grant license to apache" when you attach the patch, otherwise we will not be able to apply.
Coincidentally I was thinking about the very same issue today and I fear it affects other components. My thought though was to annotate the secret fields with some think like @Secret. How about that? Thanks, Hadrian On Sep 1, 2010, at 4:21 PM, Lorrin Nelson wrote: > Hi -- > > I'm fairly new to Camel, but my impression is that URIs with sensitive data > are common and that URIs are frequently logged. I bumped into this myself > most recently with an FTP consumer. I ended up with log messages like this: > > RemoteFileProducer 2010-08-31 16:21:45,459 -- INFO -- Connected and logged in > to: > Endpoint[sftp://myusern...@my.host.name/var/my/path?fileName=myFile.txt&password=yikesMyPassword] > > I propose a sane-defaults patch of modifying DefaultEndoint.java's toString > to sanitize the URI by looking for URI params containing the tokens > "password" or "passphrase" and rendering their value as "*******" instead of > the actual value. Obviously this isn't always the right thing to do in every > situation, but it seems appropriate for many endpoints. Any for which it is > not appropriate could override toString. > > If folks like this idea I have a patch I'm happy to submit. > > http://github.com/lorrin/camel/commit/a8719ccde91c438f95ed173be1e2405d96b8b13d > > Cheers > -Lorrin
