We are using the annotation @Loggable in a REST controller class with value = Loggable.TRACE so that nothing is logged normally, because the methods under this class process a lot of sensitive personally identifiable information (PII) data. But we found that if the execution time of any method in this class goes beyond the value of limit() in the Loggable class, it will create a WARN log with all the details of the parameters of that method. This is dangerous as it exposes the sensitive data in the parameters unexpectedly. I searched online and found developers usually do not pay attention to the value of limit() in Loggable when they add @Loggable to their class, and they don't particularly customize that value in the annotation, and the WARN logs usually are not caught during testing. So there is a danger of exposing the sensitive data in the logs. Can you please add a setting so that one can turn this feature on or off at a global level rather than having to set the limit value for every annotation? Or update it so that it does not expose the details of the method parameters? Thanks.
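
An added example, not part of the original issue or the library's code: a reflection check, suitable for a CI test, that lists methods taking parameters whose effective @Loggable leaves limit() at its default. The nested `Loggable` is a stand-in that mirrors only value() and limit() from the issue; its default limit of 1, the `PatientController` sample, and method-over-class precedence are assumptions.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

public class LoggableLimitAudit {
    // Stand-in for the library's annotation so this file compiles on its own.
    // Only value() and limit() come from the issue; the constants and the
    // default limit of 1 are assumptions.
    @Retention(RetentionPolicy.RUNTIME)
    @interface Loggable {
        int TRACE = 0;
        int DEFAULT_LIMIT = 1;
        int value() default TRACE;
        int limit() default DEFAULT_LIMIT;
    }

    // Constructed sample: a hypothetical controller whose parameters are PII.
    @Loggable(Loggable.TRACE)
    static class PatientController {
        public String lookup(String ssn) { return "ok"; }
        @Loggable(value = Loggable.TRACE, limit = Integer.MAX_VALUE)
        public String update(String ssn, String dob) { return "ok"; }
    }

    // Lists methods with parameters where nobody chose limit() explicitly,
    // i.e. the slow-call WARN described in the issue uses the default threshold.
    static List<String> audit(Class<?> type) {
        List<String> findings = new ArrayList<>();
        Loggable onClass = type.getAnnotation(Loggable.class);
        for (Method m : type.getDeclaredMethods()) {
            if (m.isSynthetic() || m.getParameterCount() == 0) continue;
            Loggable onMethod = m.getAnnotation(Loggable.class);
            // Assumption: a method-level annotation overrides the class-level one.
            Loggable effective = onMethod != null ? onMethod : onClass;
            if (effective != null && effective.limit() == Loggable.DEFAULT_LIMIT) {
                findings.add(type.getSimpleName() + "." + m.getName());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        List<String> findings = audit(PatientController.class);
        findings.forEach(f -> System.out.println("default limit(): " + f));
        if (!findings.isEmpty()) System.exit(1); // fail the build on any finding
    }
}
```

An annotation that sets limit explicitly to the default value is indistinguishable at runtime from one that omits it, so the check reports both.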