
Sensitive information stored in logs

Need

Protection of sensitive information in log files

Context

  • Usage of Java for building cross-platform applications
  • Usage of javax.servlet for Java Servlet development
  • Usage of java.io for input and output operations in Java

Description

Non-compliant code

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class SensitiveInfoLogger extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String bankAccount = request.getParameter("bankAccount");

        // Logging sensitive information
        System.out.println("Username: " + username);
        System.out.println("Password: " + password);
        System.out.println("Bank Account: " + bankAccount);
    }
}

The above Java servlet code is an example of a vulnerability where sensitive information is stored in logs. In this case, the servlet is handling a POST request where it retrieves certain parameters such as username, password, and bankAccount from the request.

The vulnerability lies in the fact that these sensitive pieces of information are being printed to the console via System.out.println(). This means that anyone who has access to these logs can view this sensitive information. This can lead to serious security breaches, as sensitive user information such as passwords and bank account numbers should never be stored in plaintext, let alone printed to a console or log file.

Steps

  • Avoid logging sensitive information
  • Use a secure logging framework
  • Implement proper access controls for log files
  • Encrypt sensitive information before logging
  • Regularly review and rotate log files

Compliant code

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.logging.*;

public class SensitiveInfoLogger extends HttpServlet {

    private static final Logger logger = Logger.getLogger(SensitiveInfoLogger.class.getName());

    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String bankAccount = request.getParameter("bankAccount");

        // Encrypt sensitive information before logging
        String encryptedPassword = encryptPassword(password);
        String encryptedBankAccount = encryptBankAccount(bankAccount);

        // Logging information
        logger.log(Level.INFO, "Username: " + username);
        logger.log(Level.INFO, "Encrypted Password: " + encryptedPassword);
        logger.log(Level.INFO, "Encrypted Bank Account: " + encryptedBankAccount);
    }

    private String encryptPassword(String password) {
        // Implement encryption logic here.
        // Placeholder: returns its input unchanged, so the plaintext value
        // reaches the log until this body is replaced.
        return password;
    }

    private String encryptBankAccount(String bankAccount) {
        // Implement encryption logic here.
        // Placeholder: returns its input unchanged, so the plaintext value
        // reaches the log until this body is replaced.
        return bankAccount;
    }
}

The updated code now uses the java.util.logging.Logger class to log information instead of System.out.println(). This covers the "use a secure logging framework" step: the logger gives control over which messages are recorded (through levels) and where they are written (through handlers).

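Sensitive information such as the password and the bank account number is now encrypted before being logged. The encryptPassword and encryptBankAccount methods are placeholders for the actual encryption logic; as written they return their input unchanged, so they must be replaced with a real implementation before this code is used.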

The logger logs the username as is, but logs the encrypted versions of the password and bank account number. This way, even if someone gains access to the log files, they won't be able to see the actual sensitive information.

Remember to implement proper access controls for your log files to prevent unauthorized access. Also, regularly review and rotate your log files to manage their size and ensure that they don't contain outdated information.
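
One way to apply the first step, "Avoid logging sensitive information", to the three fields this servlet handles, as an added example that is not part of the original page: the password is never passed to the logger, the bank account is masked to its last four characters, and a keyed HMAC token lets log entries for the same account be correlated. The class name LogSafeFields, the helpers maskAccount and correlationToken, the sample values and the demo key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical names): log-safe forms of the servlet's fields.
public class LogSafeFields {

    private static final Logger logger = Logger.getLogger(LogSafeFields.class.getName());

    // Keep only the last four characters; short or missing values are fully masked.
    static String maskAccount(String account) {
        if (account == null || account.length() <= 4) {
            return "****";
        }
        return "****" + account.substring(account.length() - 4);
    }

    // Keyed one-way token: equal inputs give equal tokens, so events can be
    // correlated, but the value is not recoverable from the log and cannot be
    // guessed offline without the key.
    static String correlationToken(String value, byte[] key) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < 8; i++) { // a truncated tag is enough for a log token
            hex.append(String.format("%02x", tag[i]));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values; in the servlet they come from request.getParameter().
        String username = "alice";
        String password = "correct horse battery staple"; // never passed to the logger
        String bankAccount = "1234567890123456";
        // Assumption: the key comes from a secret store; hard-coded only so the demo runs offline.
        byte[] key = "demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);

        logger.log(Level.INFO, "Login attempt: user={0} account={1} accountToken={2}",
                new Object[] { username, maskAccount(bankAccount), correlationToken(bankAccount, key) });
    }
}
```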
