Reply
Highlighted
Member
Posts: 1
Registered: ‎11-14-2017

Hiding Card details from logs

Hi,

 

while doing transaction, apiRequest which is sent for payment is creating an xml request which holds cardDetails (particulary card Number) , this xml request is visible on logs( i can see them in killbill logs) as well, which ideally should not be visible.
While debugginf the code i was able to reach he point from where this log is created , but there is no way to turn that off.
Please let me know how to turn off the logs printing on killbill server while sending request xml
here is the code snippet attached.

 

File Name: HttpUtility.class

 

Code:* the highlighted line for logger.debug, needs to be commented.

 

static HttpPost createPostRequest(Environment env, ANetApiRequest request) throws URISyntaxException, UnsupportedEncodingException, IOException, JAXBException
    {
        URI postUrl = null;
        HttpPost httpPost = null;

        if(null != request) {
              postUrl = new URI(env.getXmlBaseUrl() + "/xml/v1/request.api");
              logger.debug(String.format("MerchantInfo->LoginId/TransactionKey: '%s':'%s'", request.getMerchantAuthentication().getName(), request.getMerchantAuthentication().getTransactionKey() ));
              logger.debug(String.format("Posting request to Url: '%s'", postUrl));
              httpPost = new HttpPost(postUrl);
              httpPost.getParams().setBooleanParameter(CoreProtocolPNames.USE_EXPECT_CONTINUE, false);
              
              //set the tcp connection timeout
                httpPost.getParams().setIntParameter(HttpConnectionParams.CONNECTION_TIMEOUT, httpConnectionTimeout);
                //set the time out on read-data request
                httpPost.getParams().setIntParameter(HttpConnectionParams.SO_TIMEOUT, httpReadTimeout);
              
              httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
              
              String xmlRequest = XmlUtility.getXml(request);
              logger.debug(String.format("Request: '%s%s%s'", LogHelper.LineSeparator, xmlRequest, LogHelper.LineSeparator));
              httpPost.setEntity(new StringEntity(xmlRequest, HTTP.UTF_8));
        }

        return httpPost;
    }

Highlighted
All Star
Posts: 699
Registered: ‎11-03-2016

Re: Hiding Card details from logs

Hi @Megha,

 

Can you clarify a little more what's going on? The code you posted looks like it's something from our Java SDK, but you mention seeing the logs on the killbill server? Which one are you using?

 

In our Java SDK, logging can be controlled in the "log4j.properties" file in the "Resources" directory, but the SDK should be masking all sensitive data by default. If it's not, please give us more information.

 

If it's killbill that's doing the logging, you'd have to check into the documentation for that package to determine how to change it.