[英]I want to log encrypted User ID while logging
I am logging userID in my project with the getXxx() method. 我正在使用getXxx()方法在项目中记录userID。
logger.info("printing user id"+user.getUserId());
Now for the security purpose I can't log the userId as plain text, I need to encrypt this. 现在出于安全性考虑,我不能将userId记录为纯文本,我需要对此进行加密。 At the same time I can't change logic in getXxx() method, as I am using this as part of my business logic.
同时,我无法在getXxx()方法中更改逻辑,因为我将其用作业务逻辑的一部分。 I want, only when I logging in then only user id got encrypt.
我想要,仅当我登录时,才对用户ID进行加密。
How can I do that? 我怎样才能做到这一点?
I would argue the fact that you can't log userIds, in theory this does not expose any user personal information, the id is worthless without the link to the user personal data such as (name, lastname, phonenumber,...) in that sense should be find to have the userId there. 我会争辩一个事实,您不能登录userIds,从理论上讲,它不会公开任何用户个人信息,如果没有链接到以下用户个人数据(例如(姓名,姓氏,电话号码...)那种感觉应该在那里有userId。 if you definetly cant do it, you could potentially do something like:
如果您绝对不能这样做,则可能会执行以下操作:
1) print the traceId of the request so that you can correlate multiple lines of code with your use case, for this you can use the MDC context so that you dont need to do this every-time you log something. 1)打印请求的traceId,以便您可以将多行代码与用例相关联,为此,您可以使用MDC上下文,这样就不必在每次登录时都进行此操作。
2) wrap your getUserId with an encryption method defaultEncrypt(user.getUserId()) 2)用加密方法defaultEncrypt(user.getUserId())包装您的getUserId
3) add another getter to your domain object to do something like user.getEncryptUserId() which does this underneath. 3)向您的域对象添加另一个吸气剂,以执行类似于user.getEncryptUserId()的操作,该操作将在下面进行。 if using kotlin you can just add an extension function to do something like String.encrypt() and then do user.getUserId().encrypt()
如果使用kotlin,则只需添加扩展功能即可执行String.encrypt()之类的操作,然后执行user.getUserId()。encrypt()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.