[ https://issues.apache.org/jira/browse/DELTASPIKE-382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13682520#comment-13682520 ]
Gerhard Petracek edited comment on DELTASPIKE-382 at 6/13/13 6:40 PM: ---------------------------------------------------------------------- @denis: yes (or a hash-code created by a cryptographic hash-function) imo we shouldn't support such very questionable approaches. was (Author: gpetracek): yes (or a hash-code created by a cryptographic hash-function) imo we shouldn't support such very questionable approaches. > mask out passwords and other credentials > ---------------------------------------- > > Key: DELTASPIKE-382 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-382 > Project: DeltaSpike > Issue Type: New Feature > Components: Configuration > Affects Versions: 0.4 > Reporter: Mark Struberg > Assignee: Mark Struberg > Fix For: 0.5 > > > Our configuration mechanism currently logs all the configured values. > This makes it hard to use it for passwords and stuff. > I suggest we introduce some specific prefix property to configure configs > which contain sensitive information. > For the key 'some.random.password' this could look like: > deltaspike_config.mask.some.random.password=true > In the log we would in this case just output the information whether and > where we did find some value, but not print the details for all configs which > start with all of the configured masks. > I'm not yet sure though how to configure this best. Suggestions appreciated! -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira