TechQA.

Is it possible to control cayenne logging at a Bean level - in order to stop logging passwords

82 views Asked by At

While running Cayenne with a Java application in DEBUG Mode, the cayenne operations are visible - passwords can be seen in the logs, when a password is changed.

Unable to find information about controlling logging at a bean or class level. The log looks something like !MESSAGE [batch bind: 1->USERPWD:'1923a3d170120bb7709ef2f733c0cd...', 2->SECURID:19]

It would be good to stop logging all password related changes

apache-cayenne
Original Q&A
1

There are 1 answers

0
andrus_a On

Your password is hashed (which is great), and the hash is trimmed, so you are not exposing much. But if you want to be extra cautious, you can install your own JdbcEventLogger:

ServerRuntime rt = ServerRuntime.builder()
   .addModule(b -> b.bind(JdbcEventLogger.class).to(MyJdbcEventLogger.class)
   ....

In Cayenne 4.1 for MyJdbcEventLogger you can subclass Slf4jJdbcEventLogger, overriding its appendParameters to check for parameters that look like passwords. In 4.0 appendParameters is a private method, so you may have to copy/paste the entire Slf4jJdbcEventLogger in your code and make the changes there.

Related Questions in APACHE-CAYENNE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions