使用Logback屏蔽密码? [英] Mask Passwords with Logback?
问题描述
我们目前通常记录所有进出我们系统的XML文档,其中一些包含明文密码.我们希望能够配置执行此操作的logback logger/appender进行某种模式匹配或类似操作,并且如果它检测到存在替换它的密码(很可能带有星号).注意,我们不想过滤掉日志条目,我们想掩盖其中的一部分.我很乐意提供有关如何通过注销执行此操作的建议.谢谢.
We currently generically log all XML documents coming in and going out of our system, and some of them contain passwords in the clear. We would like to be able to configure the logback logger/appender that is doing this to do some pattern matching or similar and if it detects a password is present to replace it (with asterisks most likely). Note we don't want to filter out the log entry, we want to mask a portion of it. I would appreciate advice on how this would be done with logback. Thanks.
推荐答案
The logback version 0.9.27 introduced replacement capability. Replacements support regular expressions. For example, if the logged message was "userid=alice, pswd='my secret'", and the output pattern was
"%d [%t] $logger - %msg%n",
您只需将模式修改为
"%d [%t] $logger - %replace(%msg){"pswd='.*'", "pswd='xxx'"}%n"
请注意,以上内容使用了选项引用.
Note that the above makes use of option quoting.
先前的日志消息将输出为"userid = alice,pswd ='xxx'"
The previous log message would be output as "userid=alice, pswd='xxx'"
为了获得出色的性能,您还可以将日志语句标记为CONFIDENTIAL,并指示%replace仅对标记为CONFIDENTIAL的日志语句执行替换.例子,
For blazing performance, you could also mark the log statement as CONFIDENTIAL and instruct %replace to perform replacement only for log statements marked as CONFIDENTIAL. Example,
Marker confidential = MarkerFactory.getMarker("CONFIDENTIAL");
logger.info(confidential, "userid={}, password='{}'", userid, password);
不幸的是,当前版本的logback尚不支持有条件的替换(基于标记或其他方式).但是,您可以通过扩展ReplacingCompositeConverter轻松编写自己的替换代码.如果您需要进一步的帮助,请在登录用户的邮件列表中大喊大叫.
Unfortunately, the current version of logback does not yet support conditional replacements (based on markers or otherwise). However, you could easily write your own replacement code by extending ReplacingCompositeConverter. Shout on the logback-user mailing list if you need further assistance.
这篇关于使用Logback屏蔽密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
