Poor Logging Practice
- This article includes content generously donated to OWASP by https://www.owasp.org/images/d/d1/Fortify.JPG.
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Last revision (mm/dd/yy): 09/30/2008
Loggers should be declared to be static and final.
It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.
The following statement errantly declares a non-static logger.
private final Logger logger = Logger.getLogger(MyClass.class);
Related Technical Impacts