[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [eclipselink-users] SQL logging
|
Derek,
A minor change to by default not show details of the data in
transactions in server log files (in case they get into the wrong hands).
The text of the parameter (like a SSN/SIN) could be sensitive.
See:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=329852#c4
Here are some logs from GlassFish 3.1 via NetBeans 6.9.1 to illustrate.
INFO: GlassFish Server Open Source Edition 3.1-b41 (41) startup time :
Felix (1,359ms), startup services(10,904ms), total(12,263ms)
from
FINE: INSERT INTO UNITOFWORK (ID, ENDTIMESTAMP, EXTENT, INITIAL,
MAXPATH, MAXVALUE, RETRIES, STARTTIMESTAMP, VERSION, KNOWNMAX_ID,
KNOWNPATH_ID, PROCESSOR_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
bind => [12 parameters bound]
to
FINE: INSERT INTO UNITOFWORK (ID, STARTTIMESTAMP, VERSION, MAXPATH,
EXTENT, INITIAL, RETRIES, ENDTIMESTAMP, MAXVALUE, KNOWNPATH_ID,
PROCESSOR_ID, KNOWNMAX_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
bind => [5, 1297192198347, 1, 1, 1267650600228229401496704253952,
1267650600228229401496703205377, 0, null, 1, 4, 1, 3]
This is in line with other JPA implementations that do this or just
don't show the bind parameters, for example, here is another.
INFO: Hibernate: insert into UnitOfWork (endTimestamp, extent, initial,
knownMax_id, knownPath_id, maxPath, maxValue, processor_id, retries,
startTimestamp, version, id) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
A secondary enhancement would be to key off the security manager
when enabling this property - I currently am running GlassFish with it
off by default.
INFO: SEC1002: Security Manager is OFF.
thank you
/michael
On 11/02/2011 16:09, Derek Knapp wrote:
thank you very much!
just out of curosity, what do you mean security fix?
Derek
On 11-02-11 03:59 PM, Michael Frank O'Brien wrote:
Derek,
Here, this will show parameters in 2.2+ and override the security
fix.
<!-- enable SQL parameter binding visibility logging to override ER
329852 -->
<property name="eclipselink.logging.parameters" value="true"/>
thank you
/michael
On 11/02/2011 15:58, Derek Knapp wrote:
I recently upgraded to glassfish v3.1 which seems to ship with
eclipselink 2.2
I am trying to figure out how to make the logging log the actual
parameters, instead of
FINE: bind => [2 parameters bound]
I currently have
<property name="eclipselink.logging.level" value="SEVERE"/>
<property name="eclipselink.logging.level.sql" value="FINE"/>
in my persistence.xml
_______________________________________________
eclipselink-users mailing list
eclipselink-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipselink-users
_______________________________________________
eclipselink-users mailing list
eclipselink-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipselink-users
_______________________________________________
eclipselink-users mailing list
eclipselink-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipselink-users
