
While running Cayenne with a Java application in DEBUG mode, the Cayenne operations are visible: passwords can be seen in the logs when a password is changed.

Unable to find information about controlling logging at a bean or class level. The log looks something like:

!MESSAGE [batch bind: 1->USERPWD:'1923a3d170120bb7709ef2f733c0cd...', 2->SECURID:19]

It would be good to stop logging all password-related changes.

mala

1 Answer

Your password is hashed (which is great), and the hash is trimmed, so you are not exposing much. But if you want to be extra cautious, you can install your own JdbcEventLogger:

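// Bind the custom logger in place of the default JdbcEventLogger
ServerRuntime rt = ServerRuntime.builder()
   .addModule(b -> b.bind(JdbcEventLogger.class).to(MyJdbcEventLogger.class))
   // .... (remaining builder configuration)
   .build();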

In Cayenne 4.1 for MyJdbcEventLogger you can subclass Slf4jJdbcEventLogger, overriding its appendParameters to check for parameters that look like passwords. In 4.0 appendParameters is a private method, so you may have to copy/paste the entire Slf4jJdbcEventLogger in your code and make the changes there.

andrus_a
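A sketch of the masking step a custom logger like the one described in the answer could apply, as an added example (not code from the answer or from Cayenne). It operates only on the rendered bind text in the format shown in the question; the class name `BindRedactor` and the column-name patterns are assumptions.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BindRedactor {
    // One rendered binding: "<pos>-><COLUMN>:" followed by a quoted or bare value.
    // A quoted value ends at the quote that precedes the next binding or the closing "]",
    // so a comma or apostrophe inside the value does not cut the match short.
    private static final Pattern BINDING = Pattern.compile(
        "(\\d+->(\\w+):)('.*?'(?=, \\d+->|\\]|$)|[^,\\]]*)");

    // Assumed naming convention for sensitive columns; adjust to your schema.
    private static final Pattern SENSITIVE = Pattern.compile(
        "PWD|PASS|SECRET|TOKEN", Pattern.CASE_INSENSITIVE);

    // Returns the rendered bind text with values of sensitive columns replaced.
    // Bindings rendered without a column name cannot be classified and are left as-is.
    static String redact(String rendered) {
        Matcher m = BINDING.matcher(rendered);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            boolean hide = SENSITIVE.matcher(m.group(2)).find();
            String value = hide ? "<redacted>" : m.group(3);
            // quoteReplacement: values may contain '$' or '\', which are special here.
            m.appendReplacement(out, Matcher.quoteReplacement(m.group(1) + value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample in the format shown in the question.
        String line = "[batch bind: 1->USERPWD:'0123abcd...', 2->SECURID:19]";
        System.out.println(redact(line));
    }
}
```

In a custom `JdbcEventLogger`, `redact` would be applied to the parameter text before it is appended to the log message, so the value is dropped even when DEBUG logging stays enabled.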