I am printing to the log, at the info level, a command to write data to a file. This command also has the user's password as a parameter. For that, I have replaced all the occurrences of pwd with ***. PFB the code:

    logger.info(WRITE_COMMAND.replaceAll(_pwd, "***"));

When I scan this code for SSAP violations, it's giving me a privacy violation.

Can you please suggest a solution to handle the same?

Alpesh003

  • What value does printing **** actually add? I would just remove this log statement. – kukudas Mar 02 '15 at 11:34
  • The first thing that springs to mind is that if the value of `_pwd` happens to be a string that occurs elsewhere in the printed string, you can deduce the password. E.g. if your password is `select` and you want to print something like `select * from user where pwd='select'`, what you get is `*** * from user where pwd='***'`, which makes it very easy to guess what the password could be. Now you may say the password will never be `select` in practice but as soon as you have to rely on this assumption, your solution is vulnerable. – biziclop Mar 02 '15 at 11:37
  • Yeah, right. But the command is in its entirety and I'm just masking the 'pwd' to show the rest of the command that was executed to the user. – Alpesh003 Mar 02 '15 at 11:41
  • Why have you got the user's password as cleartext in the first place? – DNA Mar 02 '15 at 11:49
  • It's a BCP command that needs to be triggered, so we have kept the password as decrypted. – Alpesh003 Mar 02 '15 at 14:12
  • First off, the password is being used in cleartext, and you've got it as a `String`. This is bad practice in the first place. See: http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords – avgvstvs Mar 03 '15 at 12:58
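
Added example, not part of the original question or comments: it runs the question's `replaceAll` masking on two constructed passwords and compares it with building the log line from the argument list by position. The class and method names, the sample `bcp` arguments, and the assumption that the password is the argument after `-P` are all illustrative; `System.out` stands in for the logger.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration; class and method names are hypothetical.
public class MaskedCommandLog {

    // The question's approach: replaceAll() treats pwd as a regular expression
    // and masks every match, wherever it occurs in the command.
    static String maskByReplace(String command, String pwd) {
        return command.replaceAll(pwd, "***");
    }

    // Alternative: derive the log line from the argument list by position,
    // so the secret's value never influences what is printed.
    // Assumption: the password is the argument that follows "-P".
    static String loggable(List<String> argv) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < argv.size(); i++) {
            if (i > 0) sb.append(' ');
            boolean secret = i > 0 && "-P".equals(argv.get(i - 1));
            sb.append(secret ? "***" : argv.get(i));
        }
        return sb.toString();
    }

    public static void main(String[] unused) {
        // Constructed sample values, not taken from the question.
        for (String pwd : new String[] {"out", "S3cret+1"}) {
            List<String> argv = Arrays.asList(
                    "bcp", "db.t", "out", "data.txt", "-U", "app", "-P", pwd);
            String command = String.join(" ", argv);
            // "out": the direction keyword is masked as well, so the masked
            // positions give the password away (the point made in the comments).
            // "S3cret+1": read as a regex, "t+1" means one or more 't' then '1',
            // which does not match the literal text, so nothing is replaced
            // and the password is printed in cleartext.
            System.out.println("replaceAll: " + maskByReplace(command, pwd));
            System.out.println("positional: " + loggable(argv));
        }
    }
}
```

Switching to `String.replace` or `Pattern.quote` removes the regex problem but not the substring leak biziclop describes.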

0 Answers