> In a language that includes a generic dump routine that can convert an arbitrary data structure into a useful string representation, or that makes it easy to write such a routine if one is not built in, people tend to use that facility to convert things for logging.
I'm reminded of one such system I did in C#, where I knew ahead of time that some fields passed to the logger may contain user data. I added a [Sensitive] attribute that a property accessor can be tagged with, and the logger reflected upon this and replaced contents with a placeholder if it was there.
So I don't really buy that as too compelling an excuse. People who are mindful, careful about what they are doing, and respectful of the user will engineer, document, and evangelize solutions.
I'm reminded of one such system I did in C#, where I knew ahead of time that some fields passed to the logger may contain user data. I added a [Sensitive] attribute that a property accessor can be tagged with, and the logger reflected upon this and replaced contents with a placeholder if it was there.
So I don't really buy that as too compelling an excuse. People who are mindful, careful about what they are doing, and respectful of the user will engineer, document, and evangelize solutions.