Baron,
The order of the loggers does not matter, just specificity. You might want to
include additivity so nothing bubbles up to more general loggers.
<AsyncLogger name="specific.reference.to.Class" level="trace"
additivity="false">
<AppenderRef ref="sensitiveloggerfile" />
</AsyncLogger>
You will have to keep an eye on your log output to track sensitive details.
Perhaps a test user with a distinctive password that could be searched with a
cron script. Searching cas code base for 'password' may be to general and would
not catch printing of collections.
Ray
On Fri, 2021-07-02 at 16:41 -1000, Baron Fujimoto wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
When our CAS starts up, it warns:
WARN [org.springframework.security.config.annotation.web.builders.WebSecurity]
- <
********************************************************************
********** Security debugging is enabled. *************
********** This may include sensitive information. *************
********** Do not use in a production system! *************
********************************************************************
>
And I find log entries such as the following where the password is logged in
plaintext:
DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] -
<Issuing ticket-granting tickets for service
[AbstractWebApplicationService(id=https://www.example.com/app,
originalUrl=https://www.example.com/app, artifactId=null, principal=null,
source=service, loggedOutAlready=false, format=XML,
attributes={execution=[...], password=[PASSWORD], _eventId=[submit],
username=[USERNAME], geolocation=[]})]>
I assume this is the result of the following in log4j2.xml?
<Property name="cas.log.level">debug</Property>
...
<AsyncLogger name="org.apereo.cas.web.flow"
level="${sys:cas.log.level}" includeLocation="true"/>
For hosts where we do want detailed debug-level logs (but do not want to reveal
passwords) can this be mitigated via a cas property to redact the passwords? Or
should it be handled via logging conf something like this?
<Property name="cas.log.level">debug</Property>
<Property name="cas.log.level.sensitive">info</Property>
...
<AsyncLogger
name="org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver"
level="${sys:cas.log.level.sensitive}" includeLocation="true"/>
<AsyncLogger name="org.apereo.cas.web.flow"
level="${sys:cas.log.level}" includeLocation="true"/>
If this is the correct approach, is this sufficient to eliminate the log
entries containing plaintext passwords, or are there additional classes(?) we
need to worry about as well? Does the order of the AsyncLogger entries matter?
--
Baron Fujimoto <[email protected]<mailto:[email protected]>> :: UH Information
Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ef4d709940b6ab6a388df1e282b710dd510d82c.camel%40uvic.ca.
