Logging is essential for gathering debugging information, carrying out incident response or forensics activities and for maintaining incriminating evidence. However, sensitive data should not be logged for many reasons. Privacy of the stakeholders, limitations imposed by the law on collection of personal information, and data exposure through insiders are a few concerns. Sensitive information includes and is not limited to IP addresses, user names and passwords, email addresses, credit card numbers and any personally identifiable information such as social security numbers. In JDK v1.4 and above, the java.util.logging class provides the basic logging framework.
| Wiki Markup |
|---|
While we expect several instances of this anti-pattern, one example is of the fix provided in the LineControl Java client. Prior to version 0.8.1, the client logged sensitive information such as the local user's password. \[[CVE 08|AA. Java References#CVE 08]\] |
Noncompliant Code Example
...
| Wiki Markup |
|---|
\[[API 06|AA. Java References#API 06]\]] Class {{java.util.logging.Logger}}
\[[Sun 06|AA. Java References#Sun 06]\]] [Java Logging Overview|http://java.sun.com/javase/6/docs/technotes/guides/logging/overview.html]
\[[CVE 08|AA. Java References#CVE 08]\]] [CVE-2005-2990|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2990]
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 532|http://cwe.mitre.org/data/definitions/532.html] "Information Leak Through Log Files", [CWE ID 533|http://cwe.mitre.org/data/definitions/533.html] "Information Leak Through Server Log Files", [CWE ID 359|http://cwe.mitre.org/data/definitions/359.html] "Privacy Violation", [CWE ID 542|http://cwe.mitre.org/data/definitions/542.html] "Information Leak Through Cleanup Log Files" |
...