This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Poor Logging Practice: Multiple Loggers"

From OWASP
Jump to: navigation, search
(Reverting to last version not containing links to www.textallial.com)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Fortify}}
+
{{template:CandidateForDeletion}}
{{Template:Vulnerability}}
 
  
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
+
#REDIRECT [[Poor Logging Practice]]
  
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
  
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
 
 
[[ASDR Table of Contents]]
 
__TOC__
 
  
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
 
==Description==
 
==Description==
Line 72: Line 67:
 
* [http://www.link2.com Title for the link2]
 
* [http://www.link2.com Title for the link2]
  
[[Category:FIXME|add links
 
 
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 
 
Availability Vulnerability
 
 
Authorization Vulnerability
 
 
Authentication Vulnerability
 
 
Concurrency Vulnerability
 
 
Configuration Vulnerability
 
 
Cryptographic Vulnerability
 
 
Encoding Vulnerability
 
 
Error Handling Vulnerability
 
 
Input Validation Vulnerability
 
 
Logging and Auditing Vulnerability
 
  
Session Management Vulnerability]]
 
  
 
__NOTOC__
 
__NOTOC__
 
 
[[Category:OWASP ASDR Project]]
 
[[Category:Code Quality Vulnerability]]
 
[[Category:Logging and Auditing Vulnerability]]
 
[[Category:Java]]
 
[[Category:Implementation]]
 
[[Category:Code Snippet]]
 

Latest revision as of 18:29, 27 May 2009

Template:CandidateForDeletion 

#REDIRECT Poor Logging Practice


Last revision (mm/dd/yy): 05/27/2009

Description

It is a poor logging practice to use multiple loggers rather than logging levels in a single class.

Good logging practice dictates the use of a single logger that supports different logging levels for each class.


Risk Factors

TBD

Examples

The following code errantly declares multiple loggers. 

	public class MyClass {
	  private final static Logger good =     
				Logger.getLogger(MyClass.class);
	  private final static Logger bad =     
				Logger.getLogger(MyClass.class);
	  private final static Logger ugly =     
				Logger.getLogger(MyClass.class);
	  ...
	}


Related Attacks


Related Vulnerabilities

Related Controls


Related Technical Impacts


References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg:



Retrieved from "https://wiki.owasp.org/index.php?title=Poor_Logging_Practice:_Multiple_Loggers&oldid=62632"