ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportMasking sensitive information while logging through log4j

Post new topicReply to topic
Masking sensitive information while logging through log4j View previous topic :: View next topic
Author Message
venkat5581
PostPosted: Wed Jun 12, 2019 10:46 pm Post subject: Masking sensitive information while logging through log4j Reply with quote

Newbie

Joined: 12 Jun 2019
Posts: 2

Hi Friends,

I got an a requirement like we need to do masking sensitive information(Card number and CVV) while logging through log4j.

Can some one suggest me how can we achieve this requirement.

Thanks and Regards,
Venkat
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Jun 13, 2019 4:54 am Post subject: Re: Masking sensitive information while logging through log4 Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25732
Location: Ohio, USA

venkat5581 wrote:
Can some one suggest me how can we achieve this requirement.


Why do you put such sensitive information in a plain text log in the first place? What value does it give you rather than (for example) a transaction number from which this sensitive information could be securely derived by a human? What's the actual requirement?

Mask the data before the flow makes the call to log4j.

Or write a custom logger.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
venkat5581
PostPosted: Thu Jun 13, 2019 5:03 am Post subject: Re: Masking sensitive information while logging through log4 Reply with quote

Newbie

Joined: 12 Jun 2019
Posts: 2

Vitor wrote:
venkat5581 wrote:
Can some one suggest me how can we achieve this requirement.


Why do you put such sensitive information in a plain text log in the first place? What value does it give you rather than (for example) a transaction number from which this sensitive information could be securely derived by a human? What's the actual requirement?

Mask the data before the flow makes the call to log4j.

Or write a custom logger.


logging the sensitive information is our requirement into plain text.

We should not mask the information before calling log4j, when ever we are doing logging by calling log4j then only it should do mask. I got some info from other sites like we can do this in broker config file with filter function. but not getting exact code how can we use that function
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Jun 13, 2019 5:37 am Post subject: Re: Masking sensitive information while logging through log4 Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25732
Location: Ohio, USA

venkat5581 wrote:
logging the sensitive information is our requirement into plain text.


That's not a requirement; that's repeating your question using different words.

What requirement, what business need, is causing you to put sensitive data in a plain text log file rather than (for example) logging it to an audit database where it can be properly secured.

venkat5581 wrote:
I got some info from other sites like we can do this in broker config file with filter function. but not getting exact code how can we use that function


Post the links to these "other sites".

Log4j does not come supplied with the IBM software and is a 3rd party open source add on. The "broker config file" you seem to have read about isn't the config file for the broker, but is the log4j config file that is typically held at a broker rather than an EG level.

So it's possible to amend the log4j logger to perform this masking as I indicate above, but if you want details of that you'd be better served posting the question in a log4j forum. Broker has no part of that process, it just calls out to log4j like a Java or other application would.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportMasking sensitive information while logging through log4j
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.