I would like to ask a question about how to sanitize information when logging with Java.
For example, we have a class Person with a very sensitive SSN, and a class Account with a very sensitive credit card number (and hundreds of other business classes with sensitive information over time).
    public class Person {
        private String firstName;
        private String lastName;
        private String socialSecurityNumber;

        public String getFirstName() {
            return firstName;
        }

        public String getLastName() {
            return lastName;
        }

        public String getSocialSecurityNumber() {
            return socialSecurityNumber;
        }

        public String getSanitizeSocialSecurityNumberForLog() {
            // apply some masking logic (masking every digit is an illustrative choice)
            return socialSecurityNumber == null ? null : socialSecurityNumber.replaceAll("[0-9]", "*");
        }
    }

    public class Account {
        private String firstName;
        private String lastName;
        private String creditCardNumber;

        public String getFirstName() {
            return firstName;
        }

        public String getLastName() {
            return lastName;
        }

        public String getCreditCardNumber() {
            return creditCardNumber;
        }

        public String getSanitizeCreditCardNumberForLog() {
            // last four digits; a missing or too-short value is fully masked
            if (creditCardNumber == null || creditCardNumber.length() < 4) {
                return "****";
            }
            return creditCardNumber.substring(creditCardNumber.length() - 4);
        }
    }
And in our business logic, we will have something like:
    LOGGER.info("The person's first name is " + person.getFirstName() + " and his SSN is " + person.getSocialSecurityNumber());
This created many incidents. And we ended up doing something horrible, not scalable, which is to create for every sensitive "thing" we have, some kind of getSanitizedThing(), and then to use:
    LOGGER.info("The person's first name is " + person.getFirstName() + " and his SSN is " + person.getSanitizeSocialSecurityNumberForLog());
This solution is not working at all. We have boilerplate code in our POJOs, in the service layers, etc. to perform sanitization.
My question is not about log level tuning btw.
Question: What would be the best pattern in order to address this issue in the most clean and effective way please?
Thank you
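The logging problem described in the post, addressed with a wrapper type whose toString() returns the masked form, so the raw value is only reachable through an explicit call (an added example, not part of the original question). The names Sensitive, reveal, lastFour and hideAll are hypothetical, the sample values are constructed, the SSN masking rule is assumed, and System.out stands in for the logger.

```java
import java.util.function.UnaryOperator;

// Added example; Sensitive, reveal, lastFour and hideAll are hypothetical names.
public class SensitiveDemo {
    /** Wraps a secret so every string conversion yields the masked form. */
    static final class Sensitive {
        private final String value;
        private final UnaryOperator<String> mask;

        Sensitive(String value, UnaryOperator<String> mask) {
            this.value = value;
            this.mask = mask;
        }

        /** Explicit, greppable access to the raw value for business logic. */
        String reveal() { return value; }

        /** Called by string concatenation and by logger placeholders. */
        @Override
        public String toString() { return value == null ? "null" : mask.apply(value); }
    }

    /** Keeps the last four characters; values of four or fewer are fully hidden. */
    static String lastFour(String s) {
        if (s.length() <= 4) return "*".repeat(s.length());
        return "*".repeat(s.length() - 4) + s.substring(s.length() - 4);
    }

    /** Hides every character (assumed masking rule for the SSN). */
    static String hideAll(String s) { return "*".repeat(s.length()); }

    static final class Person {
        final String firstName;
        final Sensitive socialSecurityNumber;
        Person(String firstName, String ssn) {
            this.firstName = firstName;
            this.socialSecurityNumber = new Sensitive(ssn, SensitiveDemo::hideAll);
        }
    }

    public static void main(String[] args) {
        Person person = new Person("Alice", "000-00-0000"); // constructed sample
        Sensitive card = new Sensitive("4111111111111111", SensitiveDemo::lastFour);
        // Same concatenation as the post's LOGGER.info call; System.out stands in for the logger.
        System.out.println("The person's first name is " + person.firstName
                + " and his SSN is " + person.socialSecurityNumber);
        System.out.println("Card ending: " + card);
    }
}
```

The wrapper covers string conversion only; serializers that read fields reflectively need their own handling.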