There is one (Java) application which writes data (like credit card numbers) to a log file in text format. After the log file size reaches 10MB, the application creates a new log file (App.log.1, App.log.2...). We want to hide this credit card number and customer details in the log file. One (and better) way is to change the code in that application which writes this customer data. This application is run once a week by an administrator to generate a report.
Unfortunately there is no owner for this application (it's been there since 2001/2002 and the code does not have any comments)!! So we don't want to touch this code.
What are the alternatives to this? The operating system is Solaris. We are thinking of writing a shell script/AWK so that this script will monitor the log file and hide the customer details in the log file by changing the log content. This doesn't seem fully secure though.
If the logging statements have side effects (the only reason anyone should be scared to touch a *log statement*), then your problems are deeper than the logging statements. Likewise, if you're unable or unwilling to recompile and redeploy the project, you have a *serious* problem if this is an application central to your business.
Fix the log statements.
Thanks. The application is not central. Basically it generates the reports on a weekly basis. But as per the new policy, all customer sensitive data should not be visible. This reporting application has more than 300 Java classes!! I am waiting for the source code.
If it's credit card/customer information and somehow you modify the original log file, then the original application log will be lost. If you duplicate the log file and use awk or something from Unix to change the log file, then you will still have issues, as you will be duplicating the customer info. Can you check what the log level is in your app, where you can set up some option to print only exceptions? If not, then as everyone suggested, you must change the code. This must have become an issue after some type of audit or compliance, I guess.
SCJP 1.2 & 1.5, PMP
"This must have become an issue after some type of audit or compliance I guess"
Yes. Decompiling and checking how logging is done is a better option.
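The shell/AWK alternative raised in the question, as an added example that is not part of any post in this thread: a filter that masks Luhn-valid card numbers in rotated files such as App.log.1 once the weekly run has finished, keeping only the last four digits. It assumes the application writes each number as one unbroken run of 13 to 19 digits; the function names `mask_pans` and `mask_file` are hypothetical. The cleartext still sits on disk until the script runs, which is the limitation the replies point out.

```shell
#!/bin/sh
# Added example (not from the thread): mask card numbers in closed log files.
# On Solaris set AWK=nawk or /usr/xpg4/bin/awk; legacy /usr/bin/awk lacks functions.
AWK=${AWK:-awk}

# mask_pans: stdin -> stdout; Luhn-valid runs of 13-19 digits keep only the last 4.
mask_pans() {
  "$AWK" '
  function luhn(d,   i, n, s, dbl) {   # 1 if digit string d passes the Luhn check
    s = 0; dbl = 0
    for (i = length(d); i >= 1; i--) {
      n = substr(d, i, 1) + 0
      if (dbl) { n *= 2; if (n > 9) n -= 9 }
      s += n; dbl = !dbl
    }
    return (s % 10 == 0)
  }
  function stars(n,   r) { r = ""; while (n-- > 0) r = r "*"; return r }
  {
    out = ""; i = 1; len = length($0)
    while (i <= len) {
      c = substr($0, i, 1)
      if (c !~ /[0-9]/) { out = out c; i++; continue }
      j = i                              # advance j past the whole digit run
      while (substr($0, j, 1) ~ /[0-9]/) j++
      n = j - i; run = substr($0, i, n)
      if (n >= 13 && n <= 19 && luhn(run))
        run = stars(n - 4) substr(run, n - 3)
      out = out run; i = j
    }
    print out
  }'
}

# mask_file: rewrite one closed (rotated) log through a private temp file, so a
# failed run never leaves a half-written log behind.
mask_file() {
  ( umask 077
    tmp="$1.mask.$$"
    mask_pans < "$1" > "$tmp" && mv -f "$tmp" "$1" || { rm -f "$tmp"; exit 1; } )
}

# Usage: sh mask_logs.sh App.log.1 App.log.2   (no arguments: nothing happens)
for f in "$@"; do mask_file "$f"; done
```

Numbers that fail the Luhn check (timestamps, order ids) are left untouched, so the log stays usable for troubleshooting.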