PasswordType param logged as cleartext in custom sinks

[King Lung Chiu]

Hi Jason,

The custom sink I'm writing uses a PasswordType for one of its parameters. My understanding is that this type of parameters are designed for supplying sensitive values to services and are not logged by Mediaflux.

However, we've noticed that for sinks (DataSinkImpl), these parameters are actually still logged as plain text in http.1.log as part of the shopping.cart.modify service call, ie. all delivery-arg elements are logged, even if they're of PasswordType.

Could this be changed so they're no longer logged?

Or am I missing something?

Thanks!

King