Reputation: 135
Masking data from exception message while logging
If any exception occurs in the code, we have logged the exception using the logback logger. While logging we have directly passed the exception object e to the error method.
The exception which has been thrown from a third party jar contains sensitive information like username and password. Currently, we have the username and password as the private field in the code. But it does not seem appropriate to check for check log message do string comparison and then log.
As the exception is thrown by the third party API, fixed pattern for the exception is not known. That's why we are not able to use the %replace.
What is a good way to mask the sensitive data in the exception?
Upvotes: 2
Views: 1437
Answers (1)
Reputation: 868
if you can catch/rethrow the exception, wrapp it into one of your own exception, with a String filter on the message.
as a last solution, disable logging from this API packages
Upvotes: 1
Related Questions
- Add custom message to thrown exception while maintaining stack trace in Java
- Mask certain string attributes in Java during logging?
- Disable logging for one exception
- Best Practices to create Message for Logging or Exception in Java
- How to mask log4j2 log messages
- Information from the exception object via java.util.logging
- Logback - custom output for exceptions
- Adding info to an exception
- Extracting user-friendly exception details in Java
- Wrapping an exception and hiding sensitive details