Java – Apache httpclient records the password in clear text when opening debug logging

When debug logging is enabled, Apache httpclient appears to record passwords in clear text.

Is there any way to disable it, so I can see the rest of the debug logs instead of the credentials?

Solution

Before sending the password over the network, create the SHA1 hash value of the password in memory:

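import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// `text` is the String holding the clear-text password
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(text.getBytes(StandardCharsets.UTF_8)); // hash every encoded byte, not text.length() of them
byte[] sha1hash = md.digest(); // SHA-1 digest is 20 bytes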

http://www.mkyong.com/java/java-sha-hashing-example/

If you absolutely need a clear text password, you have the following options:

- You can disable logging of the header, or set it to a level higher than debug: disable httpclient logging
- You can disable logging dynamically before sending the password and then re-enable it afterwards: dynamically configuring Apache HTTP client
- You can implement your own logger handler/formatter, or one of the basic ones, search for your password in the output and replace it with XXXXXXXX, then set the handler to your class: https://hc.apache.org/httpcomponents-client-ga/logging.html
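
The last option above (a formatter that replaces the credential with XXXXXXXX), as an added example that is not part of the original answer. It assumes HttpClient 4.x, whose header and wire loggers are named org.apache.http.headers and org.apache.http.wire, with logging routed to java.util.logging; the class name RedactingFormatter and the sample log lines are constructed for illustration.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Formatter;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import java.util.regex.Pattern;

/** Masks Authorization / Proxy-Authorization header values before a log line is written. */
public class RedactingFormatter extends Formatter {
    // Value runs to the end of the line, or to the literal "[\r]" marker used in wire logs.
    private static final Pattern AUTH = Pattern.compile(
            "(?i)((?:proxy-)?authorization:\\s*)(.+?)(?=\\[\\\\r\\]|\\r|\\n|$)");
    private final Formatter delegate = new SimpleFormatter();

    static String redact(String line) {
        return AUTH.matcher(line).replaceAll("$1XXXXXXXX");
    }

    @Override
    public String format(LogRecord record) {
        // Format first, then mask, so parameters substituted into the message are covered too.
        return redact(delegate.format(record));
    }

    public static void main(String[] args) {
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.ALL);
        handler.setFormatter(new RedactingFormatter());

        // Keep strong references: LogManager only holds loggers weakly.
        Logger headers = Logger.getLogger("org.apache.http.headers");
        Logger wire = Logger.getLogger("org.apache.http.wire");
        for (Logger logger : new Logger[] {headers, wire}) {
            logger.setLevel(Level.FINE);
            logger.setUseParentHandlers(false); // stop the root handler printing the raw line
            logger.addHandler(handler);
        }

        // Constructed sample lines in the shape of header and wire debug output.
        headers.fine(">> Authorization: Basic dXNlcjpwYXNzd29yZA==");
        wire.fine(">> \"Authorization: Basic dXNlcjpwYXNzd29yZA==[\\r][\\n]\"");
        // Both lines are written with the value replaced: "Authorization: XXXXXXXX"
    }
}
```

This masks credentials carried in request headers only; a password sent in a request body still appears in the wire log unless that logger is kept above debug level.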
