Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 329852

Summary: Provide ability to hide sensitive data from SQL logging
Product: z_Archived Reporter: Guy Pelletier <guy.pelletier>
Component: EclipselinkAssignee: Nobody - feel free to take it <nobody>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: eclipselink.foundation-inbox, michael.f.obrien
Version: unspecifiedFlags: michael.f.obrien: documentation+
Target Milestone: ---   
Hardware: PC   
OS: Windows XP   
Whiteboard:
Bug Depends on:    
Bug Blocks: 330095    
Attachments:
Description Flags
Proposed changes
none
Updated patch none

Description Guy Pelletier CLA 2010-11-09 15:32:12 EST 
Our current SQL logging (when log level is set to FINE or greater) produces the following example log message:

[EL Fine]: 2010-11-09 15:22:17.107--ClientSession(26061809)--Connection(16925102)--Thread(Thread[main,5,main])--INSERT INTO DYNAMIC_ADDRESS (ADDRESS_ID, CITY, COUNTRY, P_CODE, PROVINCE, STREET) VALUES (?, ?, ?, ?, ?, ?)
	bind => [528, Ottawa, Canada, K1G6P3, ON, 123 Street]

We should provide users with the ability to hide this sensitive data with a new session property/flag to generate the following instead:

[EL Fine]: 2010-11-09 15:22:17.107--ClientSession(26061809)--Connection(16925102)--Thread(Thread[main,5,main])--INSERT INTO DYNAMIC_ADDRESS (ADDRESS_ID, CITY, COUNTRY, P_CODE, PROVINCE, STREET) VALUES (?, ?, ?, ?, ?, ?)
	bind => [***, ******, ******, ******, **, **********]

This same type of information is also included when a SQL exception is encountered and this new flag should also hide the information from there as well.
Comment 1 Guy Pelletier CLA 2010-11-10 09:28:55 EST 
Created attachment 182813 [details]
Proposed changes

New JPA persistence unit property added: eclipselink.should-display-data
Comment 2 Guy Pelletier CLA 2010-11-11 09:48:48 EST 
Created attachment 182903 [details]
Updated patch

New log message will look as follows:

[EL Fine]: 2010-11-09
15:22:17.107--ClientSession(26061809)--Connection(16925102)--Thread(Thread[main,5,main])--INSERT
INTO DYNAMIC_ADDRESS (ADDRESS_ID, CITY, COUNTRY, P_CODE, PROVINCE, STREET)
VALUES (?, ?, ?, ?, ?, ?)
    bind => [6 parameters bound]
Comment 3 Guy Pelletier CLA 2010-11-11 10:57:09 EST 
Changes have been submitted.

Reviewed by: Gordon Yorke, James Sutherland, Peter Krogh

Changed an extended tests model to hide the bind parameters and manually inspected the log.
Comment 4 Michael OBrien CLA 2011-02-08 16:27:02 EST 
>The property below from comment #1 does not exist
<property name="eclipselink.should-display-data" value="true"/>
>Use the following EclipseLink property to enable parameter value logging
<property name="eclipselink.logging.parameters" value="true"/>

>from
FINE: INSERT INTO UNITOFWORK (ID, ENDTIMESTAMP, EXTENT, INITIAL, MAXPATH, MAXVALUE, RETRIES, STARTTIMESTAMP, VERSION, KNOWNMAX_ID, KNOWNPATH_ID, PROCESSOR_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        bind => [12 parameters bound]
>to
FINE: INSERT INTO UNITOFWORK (ID, STARTTIMESTAMP, VERSION, MAXPATH, EXTENT, INITIAL, RETRIES, ENDTIMESTAMP, MAXVALUE, KNOWNPATH_ID, PROCESSOR_ID, KNOWNMAX_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        bind => [5, 1297192198347, 1, 1, 1267650600228229401496704253952, 1267650600228229401496703205377, 0, null, 1, 4, 1, 3]
Comment 5 Eclipse Webmaster CLA 2022-06-09 10:24:32 EDT 
The Eclipselink project has moved to Github: https://github.com/eclipse-ee4j/eclipselink