I agree with Gary. If an object is exposing sensitive data in its toString() then the problem should be fixed at the source.
Peter

On Tue, Sep 3, 2024, 11:04 AM Gary D. Gregory <ggreg...@apache.org> wrote:

> I appreciate the intent but this feels like a bad solution. If a toString() method returns a password, then the security issue is in the toString() IMO.
>
> Gary
>
> On 2024/09/03 14:18:03 Melloware Inc wrote:
> > I could be wrong but his whole intent of that PR was not logging a bean.toString() that might accidentally expose a password. That seems to be his entire goal. So if there is a better way to achieve that goal is what I think the developer was going for.
> >
> > On Tue, Sep 3, 2024 at 9:52 AM Gary D. Gregory <ggreg...@apache.org> wrote:
> >
> > > On 2024/08/31 12:44:19 Melloware Inc wrote:
> > > > I feel like this PR is a good idea. Just from a safety perspective and not accidentally logging a password.
> > >
> > > The PR does nothing to avoid logging passwords. It only plays games when a bean implements toString() which might have unexpected consequences. I'm not sure.
> > >
> > > I took another look and I'm not sure this is helpful though, and it also contains some global variable editing that will be problematic IMO. See my comments in the PR.
> > >
> > > Gary
> > >
> > > > On Mon, Aug 26, 2024 at 5:41 PM Gary D. Gregory <ggreg...@apache.org> wrote:
> > > >
> > > > > Hi All,
> > > > >
> > > > > Does anyone have thoughts on PR https://github.com/apache/commons-beanutils/pull/276 ?
> > > > >
> > > > > TY,
> > > > > Gary
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > > > > For additional commands, e-mail: dev-h...@commons.apache.org
> > > >
> > > > --
> > > > ==============================
> > > > Melloware
> > > > melloware...@gmail.com
> > > > http://melloware.com
> > > > ==============================
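
The position taken in this thread, that a password leaking through toString() should be fixed in the object itself, sketched as an added example. This is not code from the PR or from Commons BeanUtils; the class names and sample values are hypothetical.

```java
// Added illustration; all class names and values here are hypothetical.
public class ToStringRedactionExample {

    /** Wrapper that holds a secret and never renders it as text. */
    static final class Secret {
        private final char[] value;

        Secret(char[] value) { this.value = value.clone(); }

        /** Explicit accessor: callers must ask for the secret on purpose. */
        char[] reveal() { return value.clone(); }

        /** String conversion, concatenation and loggers all end up here. */
        @Override public String toString() { return "****"; }
    }

    /** Before: toString() includes the password field, so logging the bean leaks it. */
    static final class LeakyAccount {
        private final String user;
        private final String password;

        LeakyAccount(String user, String password) {
            this.user = user;
            this.password = password;
        }

        @Override public String toString() {
            return "LeakyAccount[user=" + user + ", password=" + password + "]";
        }
    }

    /** After: the field is typed as Secret, so the same toString() cannot leak it. */
    static final class Account {
        private final String user;
        private final Secret password;

        Account(String user, Secret password) {
            this.user = user;
            this.password = password;
        }

        @Override public String toString() {
            return "Account[user=" + user + ", password=" + password + "]";
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials, printed the way a log call would render them.
        System.out.println("before: " + new LeakyAccount("alice", "s3cr3t-example"));
        System.out.println("after:  " + new Account("alice", new Secret("s3cr3t-example".toCharArray())));
    }
}
```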