• Log4j password masking


    Log4j filter to mask Payment Card numbers (PCI DSS)
    According to PCI DSS (Payment Card Industry Data Security Standard) your application must not store payment card numbers. This requirement includes database, files and logs. The following filter will allow you to mask card numbers in your logs on the fly, so even if you accidentally turned debug mode on for network communication, you can be confident that your data is PCI compliant.

    Log4j allows you to configure a PatternLayout that processes your log records. The idea is simple: our filter matches payment card numbers and replaces them with masked values. A card number is usually 15-19 digits long.

    I am going to use a regular expression to match possible card numbers and replace them with masked values. I leave the beginning (6 digits) and the ending (4 digits) unmasked, replacing the middle part with text. So, instead of 123456789012345678, I will get 123456<HIDDEN>5678 in my logs.

    The following class implements PatternLayout with an overridden format() method that does the filtering:

    package vozis.logger;

    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    import org.apache.log4j.Logger;
    import org.apache.log4j.PatternLayout;
    import org.apache.log4j.spi.LoggingEvent;

    /**
     * Credit Card Filtering Layout
     * @author sergej.sizov
     */
    public class CreditCardFilteringLayout extends PatternLayout {

        // Keep the first 6 and last 4 digits; replace the middle with a marker.
        private static final String MASKCARD = "$1<HIDDEN>$2";
        // Matches runs of 10 to 19 digits (6 kept + 0-9 hidden + 4 kept).
        private static final Pattern PATTERNCARD =
            Pattern.compile("([0-9]{6})[0-9]{0,9}([0-9]{4})");

        @Override
        public String format(LoggingEvent event) {
            // Only String messages are filtered; other message objects pass through unchanged.
            if (event.getMessage() instanceof String) {
                String message = event.getRenderedMessage();

                Matcher matcher = PATTERNCARD.matcher(message);

                if (matcher.find()) {
                    String maskedMessage = matcher.replaceAll(MASKCARD);

                    // Carry the original throwable over to the new event. PatternLayout
                    // does not format stack traces (ignoresThrowable() is true), so the
                    // appender writes the throwable's own text without this filter.
                    Throwable throwable =
                        event.getThrowableInformation() != null ?
                        event.getThrowableInformation().getThrowable() : null;

                    // Rebuild the event with the masked message and format it as usual.
                    LoggingEvent maskedEvent = new LoggingEvent(
                        event.fqnOfCategoryClass,
                        Logger.getLogger(event.getLoggerName()),
                        event.timeStamp,
                        event.getLevel(),
                        maskedMessage,
                        throwable);

                    return super.format(maskedEvent);
                }
            }

            // Nothing to mask: format the original event.
            return super.format(event);
        }
    }
    

    Then we need to configure Log4j to use CreditCardFilteringLayout. You need to override the layout property for every appender in log4j.properties, as shown below:

    log4j.appender.stdout=org.apache.log4j.ConsoleAppender
    log4j.appender.stdout.Target=System.out
    log4j.appender.stdout.layout=vozis.logger.CreditCardFilteringLayout
    log4j.appender.stdout.layout.ConversionPattern=%d{HH:mm:ss} %-5p %c{1} - %m%n
    log4j.appender.stdout.Threshold=info

    log4j.appender.TEMP=org.apache.log4j.RollingFileAppender
    log4j.appender.TEMP.File=temp.log
    log4j.appender.TEMP.MaxFileSize=5MB
    log4j.appender.TEMP.MaxBackupIndex=1
    log4j.appender.TEMP.layout=vozis.logger.CreditCardFilteringLayout
    log4j.appender.TEMP.layout.ConversionPattern=%-5p %d{yyyy-MM-dd HH:mm:ss,SSS} %C{1}:%M(line %L) - %m%n
    

    This idea can be used not only for credit card numbers, but also for Social Security numbers (SSN) or any other data that you consider sensitive. The benefit of this solution is that it is a one-place change, which is easier than checking every logger.log() invocation in your application.
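
    The pattern in CreditCardFilteringLayout matches any run of 10 to 19 digits, so it also rewrites timestamps and other long numbers. The following added example (not part of the original article) goes beyond the page by requiring a whole 15-19 digit run and a valid Luhn checksum before masking; CardMasker, LOOSE, STRICT, luhnValid and mask are hypothetical names, and the sample messages are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not from the original article.
public class CardMasker {
    // The article's pattern: any 10-19 digit run, even inside a longer number.
    static final Pattern LOOSE = Pattern.compile("([0-9]{6})[0-9]{0,9}([0-9]{4})");
    // Stricter: a whole run of 15-19 digits with no digit on either side.
    static final Pattern STRICT = Pattern.compile("(?<![0-9])[0-9]{15,19}(?![0-9])");

    // Luhn checksum over a string of ASCII digits.
    static boolean luhnValid(String digits) {
        int sum = 0;
        boolean doubled = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubled) {
                d *= 2;
                if (d > 9) d -= 9;
            }
            sum += d;
            doubled = !doubled;
        }
        return sum % 10 == 0;
    }

    // Masks Luhn-valid runs as first 6 + <HIDDEN> + last 4; others pass through.
    static String mask(String message) {
        Matcher m = STRICT.matcher(message);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String run = m.group();
            String shown = luhnValid(run)
                    ? run.substring(0, 6) + "<HIDDEN>" + run.substring(run.length() - 4)
                    : run;
            m.appendReplacement(out, Matcher.quoteReplacement(shown));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample messages; 4111111111111111 is a common test number.
        String[] samples = { "pan=4111111111111111 ok", "ts=1450867200000", "order 1234567890123456" };
        for (String s : samples) {
            System.out.println(LOOSE.matcher(s).replaceAll("$1<HIDDEN>$2") + " | " + mask(s));
        }
    }
}
```

    Each output line shows the article's masking on the left and the stricter masking on the right. The trade-off is that a mistyped card number that fails the Luhn check is left unmasked, so the looser pattern remains the more conservative choice when over-masking is acceptable.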

  • Original article: https://www.cnblogs.com/laoniu85/p/5068646.html