Document log redaction XML chunk for opensrf_core.xml

Based on Bill Erickson's original version.

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Bill Erickson <berick@esilibrary.com>

diff --git a/docs/RELEASE_NOTES_2_3.txt b/docs/RELEASE_NOTES_2_3.txt
index 4d81226..b8fc6be 100644 (file)
--- a/docs/RELEASE_NOTES_2_3.txt
+++ b/docs/RELEASE_NOTES_2_3.txt
@@ -6,7 +6,32 @@ Release notes
 Upgrade notes
 -------------
 
-Coming Soon.
+Log Protect (redaction)
+~~~~~~~~~~~~~~~~~~~~~~~
+To prevent sensitive information such as passwords from being logged
+in general activity logs, add the following XML chunk to the bottom of
+`opensrf_core.xml`, just inside the `<config>` section:
+
+[source, xml]
+----------------------------------------------------------------
+  ...
+  </routers>
+  <shared> <!-- new block starts here -->
+    <log_protect>
+      <match_string>open-ils.auth.authenticate.verify</match_string>
+      <match_string>open-ils.auth.authenticate.complete</match_string>
+      <match_string>open-ils.auth_proxy.login</match_string>
+      <match_string>open-ils.actor.user.password</match_string>
+      <match_string>open-ils.actor.user.username</match_string>
+      <match_string>open-ils.actor.user.email</match_string>
+      <match_string>open-ils.actor.patron.update</match_string>
+      <match_string>open-ils.cstore.direct.actor.user.create</match_string>
+      <match_string>open-ils.cstore.direct.actor.user.update</match_string>
+      <match_string>open-ils.cstore.direct.actor.user.delete</match_string>
+    </log_protect>
+  </shared> <!-- new block ends here -->
+</config>
+----------------------------------------------------------------
 
 New features
 ------------