Trait safelog::Redactable
source · pub trait Redactable: Display + Debug {
fn display_redacted(&self, f: &mut Formatter<'_>) -> Result;
fn debug_redacted(&self, f: &mut Formatter<'_>) -> Result { ... }
fn redacted(&self) -> Redacted<&Self> { ... }
fn maybe_redacted(&self, redact: bool) -> MaybeRedacted<&Self> { ... }
}Expand description
A redactable object is one where we know a way to display part of it
when we are running with safe logging enabled.
For example, instead of referring to a user as So-and-So or [scrubbed],
this trait would allow referring to the user as S[...].
Privacy notes
Displaying some information about an object is always less safe than displaying no information about it!
For example, in an environment with only a small number of users, the first letter of a user’s name might be plenty of information to identify them uniquely.
Even if a piece of redacted information is safe on its own, several pieces of redacted information, when taken together, can be enough for an adversary to infer more than you want. For example, if you log somebody’s first initial, month of birth, and last-two-digits of ID number, you have just discarded 99.9% of potential individuals from the attacker’s consideration.
Required Methods§
sourcefn display_redacted(&self, f: &mut Formatter<'_>) -> Result
fn display_redacted(&self, f: &mut Formatter<'_>) -> Result
As Display::fmt, but produce a redacted representation.
Provided Methods§
sourcefn debug_redacted(&self, f: &mut Formatter<'_>) -> Result
fn debug_redacted(&self, f: &mut Formatter<'_>) -> Result
As Debug::fmt, but produce a redacted representation.
sourcefn redacted(&self) -> Redacted<&Self>
fn redacted(&self) -> Redacted<&Self>
Return a smart pointer that will display or debug this object as its redacted form.
sourcefn maybe_redacted(&self, redact: bool) -> MaybeRedacted<&Self>
fn maybe_redacted(&self, redact: bool) -> MaybeRedacted<&Self>
Return a smart pointer that redacts this object if redact is true.