Poor Logging Practice: Logger Not Declared Static Final

From OWASP

Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by

.

Abstract

Loggers should be declared to be static and final.

Description

It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.

Examples

The following statement errantly declares a non-static logger.

	private final Logger logger =     
				Logger.getLogger(MyClass.class);

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Categories

Retrieved from "http://www.owasp.org/index.php/Poor_Logging_Practice:_Logger_Not_Declared_Static_Final"

Categories: OWASP ASDR Project | Code Quality Vulnerability | Java | Implementation | Code Snippet | Logging and Auditting Vulnerability

Views

Personal tools

Log in / create account

Reference

search

Toolbox