Poor Logging Practice

From OWASP
Revision as of 11:01, 21 July 2006 by Weilin Zhong (Talk | contribs)

Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

Abstract

Loggers should be declared to be static and final.

Description

It is good programming practice to share a single logger object between all of the instances of a particular class and to use the same logger for the duration of the program.

Examples

The following statement errantly declares a non-static logger.

	private final Logger logger =     
				Logger.getLogger(MyClass.class);

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Categories