question

Upvote
Accepted
50 4 5 6

Is there a recommended way to log incoming/outgoing messages without revealing the user credential? (similar to ​decodeToXml())

We are using decodeToXml() to print out the messages in the log file. However certain messages do contain user credential information like password which must not be logged due to security rules. I'm wondering if there's a recommended way to work around this problem as it looks to me that it is such a common question. Certainly one way is to decode the messages and format/print out ourselves, but hopefully there's a simpler way.

elektronelektron-sdkrrteta-apielektron-transport-apidebugging
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
24.4k 53 17 14

Hello Thanawat,

This issue has been fixed in the Elektron SDK 1.0.3. I suggest you upgrade the API to the latest version.

Best regards,

Wasin W.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

How has this been fixed? Elektron SDK 1.0.3 is not available yet.

It is available here. It removes password from the output of the toString helpers on the RDMLogin Admin domain helper classes.

Upvotes
1.2k 23 31 44

One would have to alter the design such that the credentials are in an message envelope and then decodeToXml() can be called on the embedded data set only.

An alternative solution is to only tag the credentials after logging the message on output, and after clearing the credentials on input.

It is not common to have passwords on a TREP system, TREP itself with DACS enabled is usually only a login name.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.