Hello,
I use the Job Module [1] for an extension, and discovered something that
could be a concern ...
Logs of job execution are stored in a permanent directory, which is good.
But when using the "{}" notation for writing logs as recommended, the
following is output in the "status.xml" file:
<org.xwiki.logging.event.LogEvent>
  <level>DEBUG</level>
  <message>blablabla</message>
  <argumentArray>
    [[ dump of arguments ]]
  </argumentArray>
</org.xwiki.logging.event.LogEvent>
Inside <argumentArray>, all attributes of the object passed as argument to
the logger method seem to be dumped, not just its toString().
Currently, in my case, the object I pass sometimes contains a password ... I
thought I had prevented this password from being output in logs by taking care
to print "***" in the related toString, but in fact this way it ends up in
clear text in status.xml ...
I see these possibilities:
a- store this password encrypted and decrypt it only when used
b- have a possibility to filter what is output in this <argumentArray>
(blacklist some attributes)
c- only pass individual attributes as parameter and not my full object
Obviously a- is the best solution in terms of security. Would XWiki provide
some helpful methods to implement it (server side)?
c- is the efficient short-term workaround of course, but I would still be
interested to know whether XWiki provides some crypto tools (well, the most
problematic part would be knowing where/how to store the secret needed for
encryption/decryption in an extension, if I want to do more than some
scrambling).
WDYT?
Thanks,
Jeremie
[1] http://extensions.xwiki.org/xwiki/bin/view/Extension/Job+Module
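The leak the post describes, reproduced as an added example that is not XWiki's code: a credential object whose toString() masks the password is passed as a "{}" argument, a small reflective dump (a constructed stand-in for whatever serializer writes status.xml, not the real one) writes the argument field by field and therefore never consults toString(), and the password lands in the output. The same block shows option c from the post, passing only the safe attributes, and a `leaks` check that can be run over any serialized status to confirm a secret does not appear. The class, field names and credential values are all constructed.

```java
import java.lang.reflect.Field;

// Added example, not XWiki code. The reflective dump below is a toy stand-in for
// the real status serializer; classes, fields and values are constructed.
public class LogArgumentLeakDemo {

    /** Object passed to the logger; toString() masks the password, as in the post. */
    static final class ConnectionSettings {
        final String host;
        final String user;
        final String password;

        ConnectionSettings(String host, String user, String password) {
            this.host = host;
            this.user = user;
            this.password = password;
        }

        @Override
        public String toString() {
            return "ConnectionSettings{host=" + host + ", user=" + user + ", password=***}";
        }
    }

    /** Minimal model of a persisted log event: the message plus the raw argument array. */
    static final class LogEvent {
        final String message;
        final Object[] argumentArray;

        LogEvent(String message, Object... argumentArray) {
            this.message = message;
            this.argumentArray = argumentArray;
        }
    }

    /**
     * Stand-in for a field-level serializer: strings and boxed values are written as
     * text, any other object is written one declared field at a time. toString() is
     * never called, which is the behaviour the post observed in status.xml.
     */
    static String dump(Object o) throws IllegalAccessException {
        if (o instanceof String || o instanceof Number || o instanceof Boolean) {
            return "<string>" + o + "</string>";
        }
        String tag = o.getClass().getSimpleName();
        StringBuilder sb = new StringBuilder("<").append(tag).append(">");
        for (Field f : o.getClass().getDeclaredFields()) {
            f.setAccessible(true); // works for our own class; JDK classes are sealed on Java 9+
            sb.append("<").append(f.getName()).append(">")
              .append(f.get(o))
              .append("</").append(f.getName()).append(">");
        }
        return sb.append("</").append(tag).append(">").toString();
    }

    /** Serialize an event the way a status file would: message, then every argument. */
    static String serialize(LogEvent e) throws IllegalAccessException {
        StringBuilder sb = new StringBuilder("<LogEvent><message>")
            .append(e.message).append("</message><argumentArray>");
        for (Object arg : e.argumentArray) {
            sb.append(dump(arg));
        }
        return sb.append("</argumentArray></LogEvent>").toString();
    }

    /** After-the-fact check: does a serialized status contain the secret verbatim? */
    static boolean leaks(String serialized, String secret) {
        return serialized.contains(secret);
    }

    /** Option c from the post: pass only the attributes that are safe to persist. */
    static LogEvent safeEvent(ConnectionSettings s) {
        return new LogEvent("Connecting to {} as {}", s.host, s.user);
    }

    public static void main(String[] args) throws Exception {
        ConnectionSettings s = new ConnectionSettings("db.example.org", "app", "constructed-secret");

        // The pattern the post describes: the whole object as the {} argument.
        String unsafeXml = serialize(new LogEvent("Connecting with {}", s));
        System.out.println(unsafeXml);
        System.out.println("password masked by toString: " + s.toString().contains("***"));
        System.out.println("password leaked in status:   " + leaks(unsafeXml, s.password));

        // Option c: only the safe fields ever reach the argument array.
        String safeXml = serialize(safeEvent(s));
        System.out.println(safeXml);
        System.out.println("password leaked in status:   " + leaks(safeXml, s.password));
    }
}
```

Compile and run with `javac LogArgumentLeakDemo.java && java LogArgumentLeakDemo`. The first dump shows the password inside `<password>` despite the masked toString(); the second, built from individual attributes, does not. The `leaks` check is the part worth keeping: running the equivalent string search over real status files in the permanent directory is a cheap way to confirm that a change to the logging calls actually removed the secret from disk.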