Thanks for the response Jacob. I think I should be more clear about my use case.

I am actually not permitted to store any of this confidential information anywhere, including the access logs. That's why I want to encrypt this information. I can remove the entire query string from being logged at all, but these data can be very useful to us, so we do want to log them (without exposing the confidential value in the request).

Thanks!
John

On 7/20/07, Jacob Rhoden <[EMAIL PROTECTED]> wrote:
John Hui wrote:
> I currently have Tomcat access log enabled, which will log all the queries that hit my web server. Some of the information is "confidential". So is there a mechanism that I can use to add an interceptor or filter to "encrypt" that information before it gets logged into the access log?
>
> Any suggestion or pointer would be greatly appreciated!
>
> John

It would be better to alter the application (if you can) to not include private information inside URLs. But either way, just make the logs readable and writeable only by tomcat. That way the user has to have access to tomcat before they can read the logs. And if the user has access to tomcat, then they will be able to read your logs no matter whether your logs are encrypted or not (i.e. if the user has access to tomcat they can simply monitor all incoming traffic via other means, and get much more confidential information than just URLs and IP addresses).

Best Regards,
Jacob
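An added example, not part of the thread and not Tomcat code: one way to keep a query string useful in a log without writing the confidential values is to replace them with a keyed hash (HMAC-SHA256) rather than reversible encryption. The class name, the parameter names `ssn` and `token`, and the demo key are assumptions, and wiring the method into whatever component writes the access log is not shown.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class QueryStringRedactor {
    private final Set<String> sensitive;  // lower-case parameter names to mask (assumed)
    private final SecretKeySpec key;      // HMAC key, kept outside the log directory

    public QueryStringRedactor(Set<String> sensitive, byte[] hmacKey) {
        this.sensitive = sensitive;
        this.key = new SecretKeySpec(hmacKey, "HmacSHA256");
    }

    /** Returns rawQuery with the values of sensitive parameters replaced by a token. */
    public String redact(String rawQuery) throws Exception {
        if (rawQuery == null || rawQuery.isEmpty()) return rawQuery;
        StringBuilder out = new StringBuilder();
        for (String pair : rawQuery.split("&")) {
            if (out.length() > 0) out.append('&');
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            boolean mask;
            try {  // names may be percent-encoded (e.g. %74oken), so decode before matching
                mask = sensitive.contains(URLDecoder.decode(name, "UTF-8").toLowerCase(Locale.ROOT));
            } catch (IllegalArgumentException malformed) {
                mask = true;  // fail closed when the name cannot be decoded
            }
            if (mask && eq >= 0) out.append(name).append("=hmac:").append(token(pair.substring(eq + 1)));
            else out.append(pair);
        }
        return out.toString();
    }

    // First 8 bytes of HMAC-SHA256 over the value exactly as sent (not URL-decoded).
    private String token(String value) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] d = mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < 8; i++) hex.append(String.format("%02x", d[i]));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] demoKey = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);  // not a real key
        QueryStringRedactor r = new QueryStringRedactor(Set.of("ssn", "token"), demoKey);
        System.out.println(r.redact("page=2&ssn=123-45-6789&%74oken=abc&flag"));  // constructed input
    }
}
```

Equal values produce equal tokens, so requests can still be correlated across log lines; the token cannot be reversed, so a reversible scheme is needed if the original value must be recoverable.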