Method logging code should recognize an @Password annotation and obscure the
output written to the log
------------------------------------------------------------------------------------------------------
Key: TAPESTRY-2477
URL: https://issues.apache.org/jira/browse/TAPESTRY-2477
Project: Tapestry
Issue Type: Improvement
Components: tapestry-ioc
Affects Versions: 5.0.13
Reporter: Howard M. Lewis Ship
Priority: Minor
Currently, log output may include plaintext passwords (or other secure data).
I nice solution might be to mark parameters (or the method itself,i.e., the
return value) as @Password (or something similar) to clue in the logging code
that the parameter in question should be written out as a series of asterisks
or otherwise obscured.
@Secure is already taken; @SecureData, @NotForPryingEyes, @ObscureInOutput,
something similar?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
