Uploaded image for project: 'Commons Lang'
  1. Commons Lang
  2. LANG-945

ToStringBuilder can expose passwords and other sensitive data in logs

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • None
    • None
    • lang.builder.*
    • None

    Description

      We just noticed ToStringBuilder was exposing passwords in our logs - would be nice to have a way of either ignoring or obfiscating the value of fields either by passing in a vararg to the builder or having an annotation to do this.

      Also, 'password' could possibly always be obfiscated by default?

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. LANG-226 [lang] Using ReflectionToStringBuilder and excluding secure fields

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              djg2002 David Green
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: