What about a custom implementation of StoreConfiguration.toString which does not include the password?
On Fri, May 5, 2017 at 10:28 AM, Gary Gregory <garydgreg...@gmail.com> wrote: > Usually toString on an object that includes a password String can end up in > places like logs that it should not be. A char[] toString does not display > its contents. > > Gary > > On May 5, 2017 12:41 AM, "Mikael Ståldal" <mikael.stal...@magine.com> > wrote: > > > What are those security reasons? > > > > On Fri, May 5, 2017 at 2:06 AM, Gary Gregory <garydgreg...@gmail.com> > > wrote: > > > > > Hi, > > > > > > I think I'd like to change the type > > > of org.apache.logging.log4j.core.net.ssl.StoreConfiguration.password > > from > > > String to char[] for the usual security reason. > > > > > > Thoughts? > > > > > > Gary > > > > > > -- > > > E-Mail: garydgreg...@gmail.com | ggreg...@apache.org > > > Java Persistence with Hibernate, Second Edition > > > <https://www.amazon.com/gp/product/1617290459/ref=as_li_ > > > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459& > > > linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2 > b8> > > > > > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a= > > > 1617290459> > > > JUnit in Action, Second Edition > > > <https://www.amazon.com/gp/product/1935182021/ref=as_li_ > > > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021& > > > linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4 > > 18%22 > > > > > > > > > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a= > > > 1935182021> > > > Spring Batch in Action > > > <https://www.amazon.com/gp/product/1935182951/ref=as_li_ > > > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951& > > > linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B% > > > 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> > > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a= > > > 1935182951> > > > Blog: http://garygregory.wordpress.com > > > Home: http://garygregory.com/ > > > Tweet! http://twitter.com/GaryGregory > > > > > > > > > > > -- > > [image: MagineTV] > > > > *Mikael Ståldal* > > Senior software developer > > > > *Magine TV* > > mikael.stal...@magine.com > > Grev Turegatan 3 | 114 46 Stockholm, Sweden | www.magine.com > > > > Privileged and/or Confidential Information may be contained in this > > message. If you are not the addressee indicated in this message > > (or responsible for delivery of the message to such a person), you may > not > > copy or deliver this message to anyone. In such case, > > you should destroy this message and kindly notify the sender by reply > > email. > > > -- [image: MagineTV] *Mikael Ståldal* Senior software developer *Magine TV* mikael.stal...@magine.com Grev Turegatan 3 | 114 46 Stockholm, Sweden | www.magine.com Privileged and/or Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such a person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email.
