I want to log encrypted User ID while logging
Question
I am logging userID in my project with the getXxx() method. logger.info("printing user id"+user.getUserId()); Now for the security purpose I can't log the userId as plain text, I need to encrypt this. At the same time I can't change logic in getXxx() method, as I am using this as part of my business logic. I want, only when I logging in then only user id got encrypt.
How can I do that?
1 answers
solution1
1 2019-09-12 11:00:10
I would argue the fact that you can't log userIds, in theory this does not expose any user personal information, the id is worthless without the link to the user personal data such as (name, lastname, phonenumber,...) in that sense should be find to have the userId there. if you definetly cant do it, you could potentially do something like:
1) print the traceId of the request so that you can correlate multiple lines of code with your use case, for this you can use the MDC context so that you dont need to do this every-time you log something.
2) wrap your getUserId with an encryption method defaultEncrypt(user.getUserId())
3) add another getter to your domain object to do something like user.getEncryptUserId() which does this underneath. if using kotlin you can just add an extension function to do something like String.encrypt() and then do user.getUserId().encrypt()
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.