329852 – Provide ability to hide sensitive data from SQL logging

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 329852 - Provide ability to hide sensitive data from SQL logging

Summary: Provide ability to hide sensitive data from SQL logging

Status:	RESOLVED FIXED

Alias:	None

Product:	z_Archived
Classification:	Eclipse Foundation
Component:	Eclipselink (show other bugs)
Version:	unspecified
Hardware:	PC Windows XP

Importance:	P3 normal (vote)
Target Milestone:	---
Assignee:	Nobody - feel free to take it
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	330095
	Show dependency tree

Reported:	2010-11-09 15:32 EST by Guy Pelletier
Modified:	2022-06-09 10:24 EDT (History)
CC List:	2 users (show)

See Also:

Flags:	michael.f.obrien: documentation+

Attachments
Proposed changes (8.13 KB, patch) 2010-11-10 09:28 EST, Guy Pelletier	no flags	Details \| Diff
Updated patch (9.18 KB, patch) 2010-11-11 09:48 EST, Guy Pelletier	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Guy Pelletier

2010-11-09 15:32:12 EST

Our current SQL logging (when log level is set to FINE or greater) produces the following example log message:

[EL Fine]: 2010-11-09 15:22:17.107--ClientSession(26061809)--Connection(16925102)--Thread(Thread[main,5,main])--INSERT INTO DYNAMIC_ADDRESS (ADDRESS_ID, CITY, COUNTRY, P_CODE, PROVINCE, STREET) VALUES (?, ?, ?, ?, ?, ?)
	bind => [528, Ottawa, Canada, K1G6P3, ON, 123 Street]

We should provide users with the ability to hide this sensitive data with a new session property/flag to generate the following instead:

[EL Fine]: 2010-11-09 15:22:17.107--ClientSession(26061809)--Connection(16925102)--Thread(Thread[main,5,main])--INSERT INTO DYNAMIC_ADDRESS (ADDRESS_ID, CITY, COUNTRY, P_CODE, PROVINCE, STREET) VALUES (?, ?, ?, ?, ?, ?)
	bind => [***, ******, ******, ******, **, **********]

This same type of information is also included when a SQL exception is encountered and this new flag should also hide the information from there as well.

Comment 1 Guy Pelletier

2010-11-10 09:28:55 EST

Created attachment 182813 [details]
Proposed changes

New JPA persistence unit property added: eclipselink.should-display-data

Comment 2 Guy Pelletier

2010-11-11 09:48:48 EST

Created attachment 182903 [details]
Updated patch

New log message will look as follows:

[EL Fine]: 2010-11-09
15:22:17.107--ClientSession(26061809)--Connection(16925102)--Thread(Thread[main,5,main])--INSERT
INTO DYNAMIC_ADDRESS (ADDRESS_ID, CITY, COUNTRY, P_CODE, PROVINCE, STREET)
VALUES (?, ?, ?, ?, ?, ?)
    bind => [6 parameters bound]

Comment 3 Guy Pelletier

2010-11-11 10:57:09 EST

Changes have been submitted.

Reviewed by: Gordon Yorke, James Sutherland, Peter Krogh

Changed an extended tests model to hide the bind parameters and manually inspected the log.

Comment 4 Michael OBrien

2011-02-08 16:27:02 EST

>The property below from comment #1 does not exist
<property name="eclipselink.should-display-data" value="true"/>
>Use the following EclipseLink property to enable parameter value logging
<property name="eclipselink.logging.parameters" value="true"/>

>from
FINE: INSERT INTO UNITOFWORK (ID, ENDTIMESTAMP, EXTENT, INITIAL, MAXPATH, MAXVALUE, RETRIES, STARTTIMESTAMP, VERSION, KNOWNMAX_ID, KNOWNPATH_ID, PROCESSOR_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        bind => [12 parameters bound]
>to
FINE: INSERT INTO UNITOFWORK (ID, STARTTIMESTAMP, VERSION, MAXPATH, EXTENT, INITIAL, RETRIES, ENDTIMESTAMP, MAXVALUE, KNOWNPATH_ID, PROCESSOR_ID, KNOWNMAX_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        bind => [5, 1297192198347, 1, 1, 1267650600228229401496704253952, 1267650600228229401496703205377, 0, null, 1, 4, 1, 3]

Comment 5 Eclipse Webmaster

2022-06-09 10:24:32 EDT

The Eclipselink project has moved to Github: https://github.com/eclipse-ee4j/eclipselink