commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jörg Schaible <Joerg.Schai...@scalaris.com>
Subject Re: svn commit: r1448560 - in /commons/proper/vfs/trunk: core/src/main/java/org/apache/commons/vfs2/provider/ftp/FtpClientFactory.java src/changes/changes.xml
Date Thu, 21 Feb 2013 09:55:08 GMT
Hi Sebb,

sebb wrote:

> On 21 February 2013 09:25,  <joehni@apache.org> wrote:
>> Author: joehni
>> Date: Thu Feb 21 09:25:37 2013
>> New Revision: 1448560
>>
>> URL: http://svn.apache.org/r1448560
>> Log:
>> Sent FTP/FTPS commands and the received answer is logged at debug level
>> (VFS-459).

[snip]

>> @@ -97,6 +104,23 @@ public final class FtpClientFactory
>>                 {
>>                     final C client = createClient(fileSystemOptions);
>>
>> +                   if (log.isDebugEnabled()) {
>> +                                       final Writer writer = new
>> StringWriter(1024){
>> +                                               @Override
>> +                                               public void flush()
>> +                                               {
>> +                                                       final
>> StringBuffer buffer = getBuffer();
>> +                                                       String message =
>> buffer.toString();
>> +                                                       if
>> (message.toUpperCase().startsWith("PASS ") && message.length() > 5) {
>> +                                                               message =
>> "PASS ***";
>> +                                                       }
>> +                                                      
>> log.debug(message);
>> +                                                      
>> buffer.setLength(0);
>> +                                               }
>> +                       };
>> +                       client.addProtocolCommandListener(new
>> PrintCommandListener(new PrintWriter(writer)));
> 
> Why not use the built-in login suppression facility?
> 
> client.addProtocolCommandListener(new PrintCommandListener(new
> PrintWriter(writer), true));

Because the built-in login suppression hides password AND user.

> Also, AFAICT the obfuscation only applies to messages which happen to
> have the PASS command at the start of a buffer when flush is called.

Yes, but that's the case. The PrintWriter flushes for each line and the 
implementation above clears the buffer after each line.

Cheers,
Jörg


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message