John Hui wrote:
I currently have the Tomcat access log enabled, which logs all the queries that hit my web server. Some of the information is "confidential". So is there a mechanism that I can use to add an interceptor or filter to "encrypt" that information before it gets logged into the access log?

Any suggestion or pointer would be greatly appreciated!

John

It would be better to alter the application (if you can) to not include private information inside URLs.

But either way, just make the logs readable and writable only by tomcat. That way the user has to have access to tomcat before they can read the logs. And if the user has access to tomcat, then they will be able to read your logs no matter whether your logs are encrypted or not. (i.e., if the user has access to tomcat they can simply monitor all incoming traffic via other means, and get much more confidential information than just URLs and IP addresses.)

Best Regards,
Jacob
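
An added example, not part of the original thread: one way to check and apply the "readable and writable only by tomcat" advice from the reply above. The function names `audit_logs` and `lock_logs` are hypothetical, and the log directory and account name passed to them are assumptions that depend on the install.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten access-log permissions.
# The directory and owner arguments are assumptions; pass your own values.

# audit_logs DIR OWNER
# Print every file or directory under DIR that is not owned by OWNER
# (user name or numeric uid) or that grants any access to group or others.
audit_logs() {
    dir=$1
    owner=$2
    find "$dir" \( -type f -o -type d \) \
        \( ! -user "$owner" \
           -o -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# lock_logs DIR
# Remove all group/other access: directories become 700, files 600.
# Ownership is not changed here (chown needs root); audit_logs reports it.
# Files Tomcat creates later take their mode from the process umask,
# so that has to be restrictive as well.
lock_logs() {
    dir=$1
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}
```

Run `audit_logs <log directory> <tomcat account>` first to see what is exposed, then `lock_logs <log directory>` as the owning account, and re-run the audit to confirm it prints nothing.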
