Right now, everything is logged. It would be useful to be able to
configure certain column values to not be logged, especially in a
production environment. The main use case for this would be PII
(Personally Identifiable Information -- passwords, birthdays, social
security numbers, etc). Arguably, that information should be
hashed/encrypted, but it is still not something you'd want leaked into a
log file. Whenever a value isn't to be logged, put "[skipped]" in the log
output.

I think it should work something like this:

DataMap:
  Add a "Sensitive Logging" checkbox. Perhaps right under the "Optimistic
  Logging" checkbox. Default = ON.

DbEntity / Entity Tab:
  Add a "Sensitive Logging" checkbox (basically mirroring the ObjEntity
  "Optimistic Logging" checkbox). Default = ON.

DbEntity / Attributes Tab:
  Add a "Sensitive Logging" checkbox column (beside PK and Mandatory).
  Default = OFF. (OFF means log the value normally. ON means conditionally
  log per behavior below).

Upgrading older models:
  Default DataMap and DbEntity to ON. Leave DbEntity attributes OFF.

Behavior:

    skipped =
        DataMap.ON &&
        DbEntity.Entity.ON &&
        DbEntity.Entity.Attribute.ON &&
        Log.Level > DEBUG

    if skipped
        log [skipped]
    else
        log value

In a production environment, log levels are typically
INFO/WARN/ERROR/FATAL, so factor that into the skipping equation. When
developing, log levels are typically DEBUG/TRACE, and in that case, log the
value.

Also, given that all of the above can be changed at run-time, it allows
flexibility in a production environment to turn the sensitive logging
on/off through admin interfaces should the need arise.

Thoughts?

Thanks,
mrg
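
The skip rule proposed in the message above, as an added Python example that is not part of the original post or the project's code. The `DataMap` and `DbEntity` classes, the `sensitive_attributes` set, the log line format and the sample row are hypothetical stand-ins, and Python's `logging` levels stand in for the logging framework's levels.

```python
import logging
from dataclasses import dataclass, field

SKIPPED = "[skipped]"

@dataclass
class DbEntity:
    name: str
    sensitive_logging: bool = True                 # entity switch, default ON
    # Columns whose per-attribute switch is ON; every other column is OFF.
    sensitive_attributes: set = field(default_factory=set)

@dataclass
class DataMap:
    sensitive_logging: bool = True                 # map switch, default ON
    entities: dict = field(default_factory=dict)

def is_skipped(data_map, entity, attribute, level):
    """The post's rule: all three switches ON and the log level above DEBUG."""
    return (data_map.sensitive_logging
            and entity.sensitive_logging
            and attribute in entity.sensitive_attributes
            and level > logging.DEBUG)

def render_bindings(data_map, entity_name, row, level):
    """Format column values for a log line, masking the skipped ones."""
    entity = data_map.entities[entity_name]
    parts = []
    for column, value in row.items():
        masked = is_skipped(data_map, entity, column, level)
        parts.append(f"{column}={SKIPPED if masked else repr(value)}")
    return ", ".join(parts)

def demo():
    # Constructed sample model and row, not real data.
    person = DbEntity("PERSON", sensitive_attributes={"SSN", "PASSWORD_HASH"})
    data_map = DataMap(entities={"PERSON": person})
    row = {"ID": 7, "NAME": "Ada", "SSN": "000-00-0000", "PASSWORD_HASH": "x1"}
    out = {"INFO": render_bindings(data_map, "PERSON", row, logging.INFO),
           "DEBUG": render_bindings(data_map, "PERSON", row, logging.DEBUG)}
    # Run-time change, as an admin interface would make it: map switch OFF.
    data_map.sensitive_logging = False
    out["INFO, map OFF"] = render_bindings(data_map, "PERSON", row, logging.INFO)
    return out

if __name__ == "__main__":
    for label, line in demo().items():
        print(f"{label}: {line}")
```
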