...
If the log cannot be trusted to hold the IP address, it should not hold any information about a SecurityException. When an exception contains sensitive information, the custom MyExceptionReporter class should extract or cleanse it before returning control to the next statement in the catch block. (See guideline ERR00-J. Do not suppress or ignore checked exceptions.)
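```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.logging.Logger;

// MyExceptionReporter is the custom reporting class referred to in the text.
public void logRemoteIPAddress(String name) {
  Logger logger = Logger.getLogger("com.organization.Log");
  InetAddress machine = null;
  try {
    machine = InetAddress.getByName(name);
  } catch (UnknownHostException e) {
    // Hand the exception to the reporter for extraction or cleansing
    Exception reported = MyExceptionReporter.handle(e);
  } catch (SecurityException e) {
    Exception reported = MyExceptionReporter.handle(e);
    // machine is still null when getByName() itself threw
    String address = (machine != null) ? machine.getHostAddress() : "unknown";
    // Writes the host name, the address and the exception to the log
    logger.severe(name + "," + address + "," + reported.toString());
  }
}
```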
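The cleansing step described above, as an added example that is not the guideline's own code: this `MyExceptionReporter.handle` is a hypothetical implementation that replaces the caught exception with one carrying only its type, and the `SecurityException` branch writes nothing to the log. The class name `RemoteAddressLogging`, the `Exception` return type and the sample host name are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.logging.Logger;

public class RemoteAddressLogging {
  private static final Logger LOGGER = Logger.getLogger("com.organization.Log");

  // Hypothetical stand-in for the MyExceptionReporter class named in the text.
  static final class MyExceptionReporter {
    // Returns a replacement exception that carries only the exception type:
    // no original message, no cause and no stack trace, since any of those
    // can embed the host name or address from the failed lookup.
    static Exception handle(Exception e) {
      Exception cleansed =
          new Exception("lookup failed: " + e.getClass().getSimpleName());
      cleansed.setStackTrace(new StackTraceElement[0]);
      return cleansed;
    }
  }

  // Returns the cleansed exception, or null when the lookup succeeded, so the
  // caller can react to the failure without seeing the original details.
  public static Exception logRemoteIPAddress(String name) {
    try {
      InetAddress.getByName(name);
      return null;
    } catch (UnknownHostException e) {
      Exception cleansed = MyExceptionReporter.handle(e);
      LOGGER.warning(cleansed.getMessage()); // entry holds no host name
      return cleansed;
    } catch (SecurityException e) {
      // Nothing about the SecurityException is written to the log.
      return MyExceptionReporter.handle(e);
    }
  }

  public static void main(String[] args) {
    // Constructed input: the ".invalid" top-level domain is reserved.
    Exception result = logRemoteIPAddress("client.example.invalid");
    System.out.println(result == null ? "resolved" : result.getMessage());
  }
}
```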
...