This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Poor Logging Practice"
From OWASP
| Line 7: | Line 7: | ||
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| − | |||
| − | |||
| − | |||
==Description== | ==Description== | ||
| + | ===Logger Not Declared Static Final=== | ||
Loggers should be declared to be static and final. | Loggers should be declared to be static and final. | ||
It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program. | It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program. | ||
| + | |||
| + | The following statement errantly declares a non-static logger. | ||
| + | |||
| + | <pre> | ||
| + | private final Logger logger = | ||
| + | Logger.getLogger(MyClass.class); | ||
| + | </pre> | ||
| + | |||
| + | |||
| Line 24: | Line 31: | ||
==Examples== | ==Examples== | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 00:07, 18 February 2009
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
- This article includes content generously donated to OWASP by
Last revision (mm/dd/yy): 02/18/2009
Description
Logger Not Declared Static Final
Loggers should be declared to be static and final.
It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.
The following statement errantly declares a non-static logger.
private final Logger logger = Logger.getLogger(MyClass.class);
Risk Factors
TBD
Examples
Related Attacks
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
Note: A reference to related CWE or CAPEC article should be added when exists. Eg:
