On 22/12/17 14:59, Seán Coffey wrote:
> As someone who works with a lot of log files, I'd like to chime in and
> support Steven's end goal. Looking at a "Connection refused" error in
> the middle of a log file that possibly extends to millions of lines is
> near useless. In the era of cloud compute, diagnosing network issues is
> sure to become a more common task.
>
> While we may not be able to put the sensitive information in an
> exception message, I think we could put it behind a (new?) system
> property which might be able to log this information. Logs contain all
> sorts of sensitive data. Take javax.net.debug=ssl output for example.

I have some sympathy for (capital-L)ogging such detail messages
(given the reasonable restriction on access to log files), but
a system property that effectively amends exception detail
messages, or prints to stdout/stderr is not a runner in my
opinion.

Maybe we should be looking at instrumentation with JFR events, or
similar. My point being, if someone has time and energy enough
to spend on this, then we can do better than javax.net.debug=ssl.

Also, someone should check that divulging such sensitive information,
even in log files, is acceptable from a security perspective. I'm
personally still dubious.

-Chris.