[
https://issues.apache.org/jira/browse/LOG4J2-344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13743613#comment-13743613
]
Keir commented on LOG4J2-344:
-
Don't see Log4jServletFilter initialized. though my log level
[
https://issues.apache.org/jira/browse/LOG4J2-344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keir updated LOG4J2-344:
Attachment: web.xml
Log4j2 doesnt work with Weblogic 12c
I've seen it done many places: Should we track passwords internally as
char[] instead of String for ivars.
This prevents Log4j spilling your secrets by accident in a toString to
internal log call.
Gary
--
E-Mail: garydgreg...@gmail.com | ggreg...@apache.org
Java Persistence with Hibernate,
What passwords?
Ralph
On Aug 19, 2013, at 4:22 AM, Gary Gregory garydgreg...@gmail.com wrote:
I've seen it done many places: Should we track passwords internally as char[]
instead of String for ivars.
This prevents Log4j spilling your secrets by accident in a toString to
internal log
On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers rgo...@apache.org wrote:
What passwords?
For example:
- org.apache.logging.log4j.core.net.SMTPManager.FactoryData.password
- org.apache.logging.log4j.core.net.JMSTopicManager.password
-
Do you need the password ever after authentication?
On Mon, Aug 19, 2013 at 8:55 AM, Gary Gregory garydgreg...@gmail.comwrote:
On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers rgo...@apache.org wrote:
What passwords?
For example:
-
On Mon, Aug 19, 2013 at 10:25 AM, Paul Benedict pbened...@apache.orgwrote:
Do you need the password ever after authentication?
I guess it depends on whether the code handles re-auth in case of a
disconnect.
Gary
On Mon, Aug 19, 2013 at 8:55 AM, Gary Gregory garydgreg...@gmail.comwrote:
If your class implementation knows it doesn't the password again after
authentication, just null it out. Once you no longer need it, blast it away.
Regarding toString(), make sure it doesn't dump that. Yes. However, char[]
doesn't offer better security if the tool is a heap dump. A String just
I'm not sure how this applies to what you are suggesting, but we should avoid
passwords being in clear text in the configuration. I would suggest using a
standard plugin interface similar to what I did with the secret key provider in
the Flume Appender.
Ralph
On Aug 19, 2013, at 7:29 AM,
Roland Weiglhofer created LOG4J2-363:
Summary: change dependency from commons logging impl to commons
logging API
Key: LOG4J2-363
URL: https://issues.apache.org/jira/browse/LOG4J2-363
Project:
On Mon, Aug 19, 2013 at 10:34 AM, Ralph Goers rgo...@apache.org wrote:
I'm not sure how this applies to what you are suggesting, but we should
avoid passwords being in clear text in the configuration. I would suggest
using a standard plugin interface similar to what I did with the secret key
On Mon, Aug 19, 2013 at 10:52 AM, Gary Gregory garydgreg...@gmail.comwrote:
On Mon, Aug 19, 2013 at 10:34 AM, Ralph Goers rgo...@apache.org wrote:
I'm not sure how this applies to what you are suggesting, but we should
avoid passwords being in clear text in the configuration. I would suggest
Hi All:
I think we should rename PluginAttr to PluginAttribute, it is the only
annotation that is abbreviated in the package. For example, PluginElement
and PluginConfiguration are not abbreviated.
Gary
--
E-Mail: garydgreg...@gmail.com | ggreg...@apache.org
Java Persistence with Hibernate,
+1
On Mon, Aug 19, 2013 at 9:56 AM, Gary Gregory garydgreg...@gmail.comwrote:
Hi All:
I think we should rename PluginAttr to PluginAttribute, it is the only
annotation that is abbreviated in the package. For example, PluginElement
and PluginConfiguration are not abbreviated.
Gary
--
[
https://issues.apache.org/jira/browse/LOG4J2-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13743879#comment-13743879
]
Gary Gregory commented on LOG4J2-363:
-
Hm, I'm not sure that's the right thing to do
[
https://issues.apache.org/jira/browse/LOG4J2-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13743892#comment-13743892
]
Remko Popma commented on LOG4J2-363:
Gary, not sure what you mean.
Currently
[
https://issues.apache.org/jira/browse/LOG4J2-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13743919#comment-13743919
]
Gary Gregory commented on LOG4J2-363:
-
Well, it depends on your POV I suppose. If you
[
https://issues.apache.org/jira/browse/LOG4J2-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13743965#comment-13743965
]
Ralph Goers commented on LOG4J2-363:
Gary, Please note that Apache Commons Logging
This discussion comes up on the Tomcat mailing list at least every few months,
and it always ends the same way.
The passwords are in a configuration file. That configuration file lives with
the application. So, for example, if the application is a web app the
configuration file lives on the
+1
Be sure to check the CheckStyle errors after this. It is going to complain
about a LOT of code.
N
On Aug 19, 2013, at 9:59 AM, Paul Benedict wrote:
+1
On Mon, Aug 19, 2013 at 9:56 AM, Gary Gregory garydgreg...@gmail.com wrote:
Hi All:
I think we should rename PluginAttr to
A couple of thoughts.
a) Is PluginAttribute really any clearer than PluginAttr?
b) Take a look at the SyslogAppender, JMSTopicAppender and some of the other
ones. Changing PluginAttr to PluginAttribute adds 5 more characters to the
lines. That may not seem like much but it forces the
David Nault created LOG4J2-364:
--
Summary: WebLookup
Key: LOG4J2-364
URL: https://issues.apache.org/jira/browse/LOG4J2-364
Project: Log4j 2
Issue Type: New Feature
Components: Core
[
https://issues.apache.org/jira/browse/LOG4J2-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Nault updated LOG4J2-364:
---
Attachment: WebLookup.java
Attached a draft implementation. It's incomplete -- it needs to get the
[
https://issues.apache.org/jira/browse/LOG4J2-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Nault updated LOG4J2-364:
---
Description:
Add a web lookup plugin for resolving a webapp's root directory. Investigate
whether
24 matches
Mail list logo