My thoughts as an enterprise Java developer.

Wednesday, October 02, 2013

Keeping sensitive data out of logs

When a product has logging there is a risk that sensitive data(i.e. passwords) will make it into the logs. How do we reduce that risk?

Logging an object or adding toString to a class might not obviously leak sensitive data so it is probably better to make sensitive data obvious. i.e. If sensitive data is stored in a Properties object, as soon as the properties object is obtained, it should move sensitive data to a separate location (i.e. a separate String variable in the class) and remove the sensitive data from properties so it is obvious that there is sensitive data.

No comments: