[英]How to mask passwords in logs?
What is the best approach to hide confidental data, eg passwords into logs. 隐藏数据的最佳方法是什么,例如将密码隐藏到日志中。
I would like to log body of POST requests, which are send to my Servlet. 我想记录发送到我的Servlet的POST请求的主体。 But logging password isn't a good idea.
但是记录密码并不是一个好主意。 How to mask passwords?
如何屏蔽密码? If the regular expression is the best idea, can you propose some examples?
如果正则表达式是最好的想法,你能提出一些例子吗?
// Example:
password=123456asedqwe -> password=***
bla&password=qweqweqwe -> bla&password=***
password=qweqweqwe&qwe=qwe -> password=***&qwe=qwe
You can try the following simple regex replacement. 您可以尝试以下简单的正则表达式替换。 It assumes that the password lies between
password=
and the next &
. 它假设密码位于
password=
和下一个&
。
String s = "password=qweqweqwe&qwe=qwe ";
String maskedPassword = s.replaceAll("password=[^&]*", "password=***");
System.out.println(maskedPassword);
prints: 打印:
password=***&qwe=qwe
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.