On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers <[email protected]> wrote:
> What passwords? > For example: - org.apache.logging.log4j.core.net.SMTPManager.FactoryData.password - org.apache.logging.log4j.core.net.JMSTopicManager.password - org.apache.logging.log4j.core.net.JMSQueueManager.FactoryData.password Gary > > Ralph > > On Aug 19, 2013, at 4:22 AM, Gary Gregory <[email protected]> wrote: > > I've seen it done many places: Should we track passwords internally as > char[] instead of String for ivars. > > This prevents Log4j spilling your secrets by accident in a toString to > internal log call. > > Gary > > -- > E-Mail: [email protected] | [email protected] > Java Persistence with Hibernate, Second > Edition<http://www.manning.com/bauer3/> > JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> > Spring Batch in Action <http://www.manning.com/templier/> > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory > > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
