I appreciate the intent but this feels like bad solution. If a toString() method return a password, then the security issue is in the toString() IMO.
Gary On 2024/09/03 14:18:03 Melloware Inc wrote: > I could be wrong but his whole intent of that PR was not logging a > bean.toString() that might accidentally expose a password. That seems to > be his entire goal. So if there is a better way to achieve that goal is > what i think the developer was going for. > > On Tue, Sep 3, 2024 at 9:52 AM Gary D. Gregory <ggreg...@apache.org> wrote: > > > On 2024/08/31 12:44:19 Melloware Inc wrote: > > > I feel like this PR is a good idea. Just from a safety perspective and > > not > > > accidentally logging a password. > > > > The PR does nothing to avoid logging passwords. It only plays games when a > > bean implements toString() which might have unexpected consequences. I'm > > not sure. > > > > I took another look and I'm not sure this is helpful though, and it also > > contains some global variable editing that will be problematic IMO. See my > > comments in the PR. > > > > Gary > > > > > > > > On Mon, Aug 26, 2024 at 5:41 PM Gary D. Gregory <ggreg...@apache.org> > > wrote: > > > > > > > Hi All, > > > > > > > > Does anyone have thoughts on PR > > > > https://github.com/apache/commons-beanutils/pull/276 ? > > > > > > > > TY, > > > > Gary > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > > > > > > -- > > > ============================== > > > Melloware > > > melloware...@gmail.com > > > http://melloware.com > > > ============================== > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > -- > ============================== > Melloware > melloware...@gmail.com > http://melloware.com > ============================== > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
