2

If any exception occurs in the code, we have logged the exception using the logback logger. While logging we have directly passed the exception object e to the error method.

The exception which has been thrown from a third-party jar contains sensitive information like username and password. Currently, we have the username and password as private fields in the code. But it does not seem appropriate to check each log message, do a string comparison, and then log.

As the exception is thrown by the third-party API, a fixed pattern for the exception is not known. That's why we are not able to use `%replace`.

What is a good way to mask the sensitive data in the exception?

4
  • You can create a generic exception handler which will be filtering that information by string comparison. Is it possible? Commented Aug 8, 2017 at 12:07
  • If you can't know what the sensitive data in the message looks like and how to reliably locate it (e.g. location or surrounding patterns) you either have the option to not log anything, mask as much as possible (e.g. the entire part between the exception name and the stacktrace) or best tackle the problem at its root: in the library or at least where you log the exception. Commented Aug 8, 2017 at 12:07
  • You log what you need. If you know the type of the exception that contains sensitive data just log a brief prepared message Commented Aug 8, 2017 at 12:09
  • Actually, for the current exception, we know what we want to mask. We have the username and password values. But we have to do a string comparison before each log with a list of values. Commented Aug 8, 2017 at 12:10

1 Answer

1

If you can catch/rethrow the exception, wrap it into one of your own exceptions, with a String filter on the message.

As a last solution, disable logging from this API's packages.
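One way to do the wrap-and-filter the answer describes, as an added example that is not part of the original answer: `SanitizedException` and its methods are hypothetical names, and the credentials in `main` are constructed sample values. It copies the whole cause chain instead of attaching the original exception as the cause, because a logger prints every cause's message too.

```java
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;

/** Added example: a copy of a Throwable chain with known secret values masked. */
public final class SanitizedException extends RuntimeException {
    private static final String MASK = "****";
    private static final int MAX_DEPTH = 16; // guard against very long cause chains
    private SanitizedException(String message, Throwable cause) {
        super(message, cause, false, true); // no suppressed exceptions, writable stack trace
    }

    /** Copies t and every cause; the original (unmasked) objects are never attached. */
    public static SanitizedException of(Throwable t, List<String> secrets) {
        // Longest first, so a username contained in the password cannot leave a password suffix.
        List<String> ordered = secrets.stream()
                .filter(s -> s != null && !s.isEmpty())
                .sorted(Comparator.comparingInt(String::length).reversed())
                .collect(Collectors.toList());
        return copy(t, ordered, 0);
    }

    private static SanitizedException copy(Throwable t, List<String> secrets, int depth) {
        Throwable cause = t.getCause();
        SanitizedException safeCause =
                (cause == null || depth >= MAX_DEPTH) ? null : copy(cause, secrets, depth + 1);
        String message = t.getClass().getName() + ": " + mask(t.getMessage(), secrets);
        SanitizedException safe = new SanitizedException(message, safeCause);
        safe.setStackTrace(t.getStackTrace()); // keep the original frames for debugging
        return safe;
    }

    static String mask(String message, List<String> secrets) {
        String out = (message == null) ? "" : message;
        for (String secret : secrets) {
            out = out.replace(secret, MASK);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample standing in for the third-party exception.
        Throwable root = new IllegalStateException("login failed for svc_app/svc_app!2017");
        Throwable thrown = new RuntimeException("connect error: " + root.getMessage(), root);
        // With SLF4J/logback: log.error("Call failed", SanitizedException.of(thrown, secrets));
        SanitizedException.of(thrown, Arrays.asList("svc_app", "svc_app!2017")).printStackTrace();
    }
}
```

Exact-match masking only catches the secret as it is stored; an encoded form of the same value (URL-encoded, Base64) in the message passes through unmasked.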
