This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Poor Logging Practice"
From OWASP
| Line 1: | Line 1: | ||
| + | {{Template:Vulnerability}} | ||
{{Template:Fortify}} | {{Template:Fortify}} | ||
| − | |||
| − | [[ | + | __TOC__ |
| + | |||
| + | [[ASDR Table of Contents]] | ||
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| − | |||
| − | [[ | + | [[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]] |
| − | |||
| Line 98: | Line 98: | ||
[[Category:Code Snippet]] | [[Category:Code Snippet]] | ||
[[Category:Logging and Auditting Vulnerability]] | [[Category:Logging and Auditting Vulnerability]] | ||
| + | [[Category:Vulnerability]] | ||
Revision as of 14:58, 5 November 2008
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
- This article includes content generously donated to OWASP by
Last revision (mm/dd/yy): 11/5/2008
Description
Loggers should be declared to be static and final.
It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.
Risk Factors
TBD
Examples
The following statement errantly declares a non-static logger.
private final Logger logger = Logger.getLogger(MyClass.class);
Related Attacks
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
Note: A reference to related CWE or CAPEC article should be added when exists. Eg:
