The masking of information is great when the system is running flawlessly in production but sometimes, the provided information is crucial to track down the source of a bug.
In my case, I'd like to protect passwords and JWT tokens.
But I also need a way to see them in the logs when a problem comes up.
Discussion of possible solutions:
- System property. Easy to implement, too easy to tamper with, even at runtime and even when the value of the property is copied into a final variable because you can call
setFinal(false) on the field at runtime.
The same applies to using logback variables to build the log pattern.
- Existence of a file owned by an admin / root and not modifiable by the current user. Rationale: If the attacker is an admin already, the fight is already lost. Drawback: It's pretty easy to check for root ownership and modification flags on Linux with Java 8+ but how can we do the same on Windows? Or Mac? Another advantage: The library can check the file for every log statement, so this would allow to disable masking, test, enable masking.
- Provide a plugin API that allows developers to come up with a suitable solution. Drawback: This isn't a solution, it just allows a solution. So people will come up with all kinds of broken ways to do this, making the effort somewhat futile.
The masking of information is great when the system is running flawlessly in production but sometimes, the provided information is crucial to track down the source of a bug.
In my case, I'd like to protect passwords and JWT tokens.
But I also need a way to see them in the logs when a problem comes up.
Discussion of possible solutions:
setFinal(false)on the field at runtime.The same applies to using logback variables to build the log pattern.