Difference between revisions of "Poor Logging Practice"

From OWASP
Jump to: navigation, search
Line 7: Line 7:
  
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
 
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
 
  
  
 
==Description==
 
==Description==
  
 +
===Logger Not Declared Static Final===
 
Loggers should be declared to be static and final.
 
Loggers should be declared to be static and final.
  
 
It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.
 
It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.
 
 
==Risk Factors==
 
 
TBD
 
 
==Examples==
 
  
 
The following statement errantly declares a non-static logger.
 
The following statement errantly declares a non-static logger.
Line 31: Line 22:
 
Logger.getLogger(MyClass.class);
 
Logger.getLogger(MyClass.class);
 
</pre>
 
</pre>
 +
 +
 +
 +
 +
==Risk Factors==
 +
 +
TBD
 +
 +
==Examples==
  
  

Revision as of 19:07, 17 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

Contents


ASDR Table of Contents

Last revision (mm/dd/yy): 02/17/2009


Description

Logger Not Declared Static Final

Loggers should be declared to be static and final.

It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.

The following statement errantly declares a non-static logger.

	private final Logger logger =     
				Logger.getLogger(MyClass.class);



Risk Factors

TBD

Examples

Related Attacks


Related Vulnerabilities

Related Controls


Related Technical Impacts


References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg: