logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James A. N. Stauffer" <stauffer.ja...@gmail.com>
Subject Re: Suppressing passwords in the log files?
Date Mon, 15 Oct 2007 17:35:41 GMT
You could use a filter to surpress the message any message that has
"password" in it.

On 10/15/07, John Smith <mmu6culus@gmail.com> wrote:
> Hi,
> Is there any way to suppress passwords' display in the log files?
> I am concerned that log files will be accessible to various users on
> the server, disclosing the application passwords to them.
>
> Is there some way to filter the passwords before they are committed to
> the log file?
>
> Thanks,
> John
>
>
> (2007-10-12 02:02:23,451) 1140750 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259  -                password =
> TESTPASSWORD
>
> (2007-10-12 02:02:23,452) 1140751 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259  -                Submit = Go
>
> (2007-10-12 02:02:23,452) 1140751 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259  -                redirectURL
> =
>
> (2007-10-12 02:02:23,453) 1140752 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259  -                username =
> TESTUSERNAME
>
> (2007-10-12 02:02:23,455) 1140754 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.catalina.core.ApplicationDispatcher:185  -
> servletPath=/auth/loginMessage.jsp, pathInfo=null, queryString=null,
> name=null
>
> (2007-10-12 02:02:23,456) 1140755 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.catalina.core.ApplicationDispatcher:562  -  Path Based
> Include
>
> (2007-10-12 02:02:23,457) 1140756 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:249  - JspEngine -->
> /auth/loginMessage.jsp
>
> (2007-10-12 02:02:23,458) 1140757 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:250  -            ServletPath:
> /auth/loginWarning.jsp
>
> (2007-10-12 02:02:23,458) 1140757 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:251  -               PathInfo:
> null
>
> (2007-10-12 02:02:23,459) 1140758 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:252  -               RealPath:
> /opt/jboss-4.2.0.GA/server/storeapp/./deploy/jboss-storeapp.ear/jboss-storeapp.war/auth/loginMessage.jsp
>
> (2007-10-12 02:02:23,460) 1140759 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:253  -             RequestURI:
> /admin/auth/loginWarning.jsp
>
> (2007-10-12 02:02:23,461) 1140760 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:254  -            QueryString:
> null
>
> (2007-10-12 02:02:23,461) 1140760 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:255  -         Request Params:
>
> (2007-10-12 02:02:23,462) 1140761 [ajp-0.0.0.0-8100-14] DEBUG
> org.apache.jasper.servlet.JspServlet:259  -                password =
> TESTPASSWORD
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
> For additional commands, e-mail: log4j-user-help@logging.apache.org
>
>


-- 
James A. N. Stauffer        http://www.geocities.com/stauffer_james/
Are you good? Take the test at http://www.livingwaters.com/good/

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org


Mime
View raw message