Overview
Request/Response payload data may include user password data in clear text. This data should not be stored in the logs.
Options
Option 1
Add a new "type" to the StructureType enum ... called "Password". This would be used to store an encrypted value. The encode/decode process of the Converter would look for Structures that have a name of "password" and create a "Password" StructureType instead of a String StructureType. The value of the password data would be encrypted before being added to the new Password StructureType. If the Structure is either explicitly read or displayed with toString() the encrypted value would be shown, instead of the clear text.
Option 2
Add a new "flag" method isSensitive() to the StructureIF. This could be set when the password is stored. The toString() method would be modified to not show the value of "sensitive" values. Instead, a "dummy" String could be shown.
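A sketch of Option 2 follows. It is an added example, not the project's code. Only StructureIF, isSensitive() and toString() come from the text above; the Structure class shape, the MASK constant, the SENSITIVE_NAMES list and the sample payload are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class SensitiveStructureDemo {
    // Hypothetical stand-in for StructureIF; only isSensitive() is named in the proposal.
    interface StructureIF { String getName(); boolean isSensitive(); }

    static final String MASK = "********"; // the "dummy" String shown instead of the value
    // Assumed name list; matching on "password" follows the name check described in Option 1.
    static final Set<String> SENSITIVE_NAMES = Set.of("password", "passwd", "secret");

    static final class Structure implements StructureIF {
        private final String name;
        private final String value; // null for a container node
        private final List<Structure> children = new ArrayList<>();
        private final boolean sensitive;

        Structure(String name, String value) {
            this.name = name;
            this.value = value;
            // The flag is set when the value is stored, so no later caller can forget it.
            this.sensitive = SENSITIVE_NAMES.contains(name.toLowerCase(Locale.ROOT));
        }

        Structure add(Structure child) { children.add(child); return this; }
        public String getName() { return name; }
        public boolean isSensitive() { return sensitive; }
        String getValue() { return value; } // an explicit read still returns clear text

        @Override public String toString() {
            // A sensitive node is masked whole, including any children it holds.
            if (sensitive) return name + "=" + MASK;
            if (value != null) return name + "=" + value;
            // Children render through their own toString(), so nesting cannot bypass the mask.
            return name + children;
        }
    }

    public static void main(String[] args) {
        // Constructed sample payload, not taken from the project.
        Structure request = new Structure("request", null)
            .add(new Structure("userid", "jdoe"))
            .add(new Structure("credentials", null)
                .add(new Structure("Password", "S3cr3t!")));
        System.out.println(request);
    }
}
```

Under this option only toString() is protected: any code path that logs the result of an explicit read (getValue() in this sketch) still emits the clear text, which is the case Option 1 covers by storing an encrypted value.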