Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Masking Password in log file

 
Nila Shah
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I need several field in the logfile to be masked.
Like the creditcard info or password.
Do we have any direct way to do it ?
Or any code piece we have to write in for logg fields to mask those Credit card info so that those will be appreaed mask in log file.
Example:
CreditcardNo:411111111111 should apprear in log file as *********1111
password assword123 should apprear in log as ***********
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What are you using for logging? Any frameworks? Are these logs generated from a java application?
 
Nila Shah
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes. This application is a struts base application and log4j is used for logging.
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If all that you want is to mask those fields from your logs, you wont have to do much. If your current code is:



Just change it to



Is this what you are looking for? Or have i understood your question wrong?
 
Nila Shah
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jaikiran for your reply.
But My issue is it should dynamically do that masking.
For and example if the creditcard number is 123456789 then it should show in log file as *****6789.

So I can't replace with only "*************"
 
steve souza
Ranch Hand
Posts: 862
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you would like a more general solution I have a class that takes any String that is surrounded by quotes or double quotes, and replaces it with a '?'. You could do something similar. Create your own logger class and call log4j from it



Another option would be to create a log4j appender or Layout Conversion that does the same. The advantage of this approach is that you wouldn't have to change your code that calls logger. If you are interested in such code i can post it.
[ June 04, 2007: Message edited by: steve souza ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic