Hi,
I think the following is an issue and I'd like to confirm that you
agree, and would be interested in a patch.
When an SQLException occurs while accessing a database from a CMP or JPA
application, an error message similar to the following is logged in
server.log. (below is with a CMP application on GFv2).
EJB5071: Some remote or transactional roll back exception occurred:
ThreadID=61,ThreadName=p: thread-pool-1; w:
406ClassName=com.sun.ejb.containers.ContainerSynchronization;MethodName=beforeCompletion;
com.sun.jdo.api.persistence.support.JDODataStoreException: JDO76400: Got
JDBC SQLException while executing the SQL statement:
SQL statement<insert into "AB"("A_NAME", "B_NAME") values ( ?, ?)> with
input values:java.lang.String:a1, java.lang.String:b1.
Please examine the SQLException for more information.
NestedException: java.sql.SQLException: ORA-02291: integrity constraint
(EJB.FK_BEES) violated - parent key not found
FailedObjectArray: [ct.ABean_300913397_JDOState_at_2028db]
at
com.sun.jdo.spi.persistence.support.sqlstore.SQLStoreManager.throwJDOSqlException(SQLStoreManager.java:645)
The values that were about to be inserted into the database (here "a1"
and "b1") are logged in the server.log.
This data could be sensitive data and therefore should not be logged all
over the place.
AFAIK, the only way to prevent parameters from being logged is to
disable the EJB logger, but that prevents all error/warning/info
messages from being logged.
An easy way to fix it is to log the parameters only if the logging level
is CONFIG: that way they are not logged by default, but logging of them
can still be enabled (and will be enabled when setting the level to FINE
for debugging).
Thanks,
Dies