Difference between revisions of "Poor Logging Practice"

From OWASP
Jump to: navigation, search
 
(Abstract)
Line 4: Line 4:
 
==Abstract==
 
==Abstract==
  
Declare loggers to be static and final.
+
Loggers should be declared to be static and final.
  
 
==Description==
 
==Description==

Revision as of 11:01, 21 July 2006

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

Abstract

Loggers should be declared to be static and final.

Description

It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.

Examples

The following statement errantly declares a non-static logger.

	private final Logger logger =     
				Logger.getLogger(MyClass.class);

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Categories