Logging is an important aspect of programming. Log entries produced at runtime help developers analyze bugs quickly and without much effort. Additionally, operations teams can recognize abnormal behavior by analyzing the log entries.
Although keeping log files private may seem unnecessary at first, they contain sensitive information, especially if no masking was performed when logging.
The code that produces a log entry may look like the following:
var pass = Request["pass"];
// The plaintext password is concatenated into the log message.
logger.warn("Failed authentication for: " + Request["uname"] + "-" + pass);
Here, the developer produces a warning log entry when authentication fails for a user, for example when a wrong password is provided. As you can see, the password is logged along with the username. If these log files are somehow distributed to a third-party team for bugfix analysis, the plaintext passwords will be exposed, too.
The same pattern in Java may look like the following:
String uname = request.getParameter("uname");
String pass = request.getParameter("pass");
Logger.info("Failed authentication for: " + uname + " - " + pass);
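One way to keep the failed-authentication entry useful without exposing the password, shown as an added example that is not code from the original page. The class name AuthLogSanitizer, the list of sensitive parameter names and the sample request parameters are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;

// Hypothetical helper (not from the original page): masks sensitive request
// parameters before they reach a log entry.
public class AuthLogSanitizer {
    private static final Logger LOG = Logger.getLogger(AuthLogSanitizer.class.getName());

    // Assumed list of parameter names that must never be logged in clear text.
    private static final Set<String> SENSITIVE = Set.of("pass", "password", "token", "secret");

    // Returns a copy of the parameters that is safe to log. The mask has a
    // fixed length so the log does not reveal how long the secret was.
    static Map<String, String> mask(Map<String, String> params) {
        Map<String, String> safe = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : params.entrySet()) {
            boolean sensitive = SENSITIVE.contains(e.getKey().toLowerCase(Locale.ROOT));
            safe.put(e.getKey(), sensitive ? "****" : e.getValue());
        }
        return safe;
    }

    // Hardened counterpart of the entries above: only the username is logged.
    static String failedAuthMessage(String uname) {
        return "Failed authentication for: " + uname;
    }

    public static void main(String[] args) {
        // Constructed sample request parameters.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("uname", "alice");
        params.put("pass", "S3cret!");

        // The password never enters the message for the failed login.
        LOG.warning(failedAuthMessage(params.get("uname")));
        // When whole parameter sets must be logged, mask them first.
        LOG.info("Request parameters: " + mask(params));
    }
}
```

The second entry prints `{uname=alice, pass=****}`, so a log file handed to a third party for analysis still shows which request failed but not the credential.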