Poor Logging Practice

ASDR Table of Contents

Last revision (mm/dd/yy): //

Description
Loggers should be declared to be static and final.

It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.

Risk Factors
TBD

Examples
The following statement errantly declares a non-static logger.

private final Logger logger = Logger.getLogger(MyClass.class);

Related Attacks

 * Attack 1
 * Attack 2

Related Vulnerabilities

 * Vulnerability 1
 * Vulnerabiltiy 2

Related Controls

 * Control 1
 * Control 2

Related Technical Impacts

 * Technical Impact 1
 * Technical Impact 2