...
Violations of this rule are common. For example, prior to version 0.8.1, the LineControl Java client logged sensitive information, including the local user's password \[[CVE 2008|AA. Bibliography#CVE 08]\].
...
If the log cannot be trusted to hold the IP address, it should not hold any information about a SecurityException. When an exception contains sensitive information, the custom MyExceptionReporter class should extract or cleanse it before returning control to the next statement in the catch block. (See rule ERR00-J. Do not suppress or ignore checked exceptions.)
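The following Java sketch is an added example, not code from this page or from the LineControl project, of how a cleansing reporter can behave: the general log receives a message with IP addresses redacted for ordinary exceptions, and nothing beyond the fact of a failure for a SecurityException, while the catch block still handles the condition instead of suppressing it. The MyExceptionReporter.report and cleanse methods, the SanitizedLoggingDemo class and its constructed failures are assumptions made here for illustration.

```java
import java.net.ConnectException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;

/* Illustrative stand-in (assumption) for the MyExceptionReporter class the
 * text refers to; the page's own class is not reproduced here. */
final class MyExceptionReporter {
    private static final Logger LOG = Logger.getLogger("app");
    // Dotted-quad IPv4 literals are redacted; extend for IPv6 or host names as needed.
    private static final Pattern IPV4 =
        Pattern.compile("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b");

    private MyExceptionReporter() { }

    /** Removes IP addresses from an exception message; null becomes the empty string. */
    static String cleanse(String message) {
        return message == null ? "" : IPV4.matcher(message).replaceAll("[redacted]");
    }

    /** Writes a sanitized record to the general log and returns the text written. */
    static String report(Throwable t) {
        final String entry;
        if (t instanceof SecurityException) {
            // A log that may not hold the IP address holds nothing about a
            // SecurityException: not its message, not its stack trace.
            entry = "a security check failed";
        } else {
            // Message text only: the stack trace and cause chain may repeat
            // the sensitive detail, so they are not written to this log.
            entry = t.getClass().getSimpleName() + ": " + cleanse(t.getMessage());
        }
        LOG.log(Level.WARNING, entry);
        return entry;
    }
}

public class SanitizedLoggingDemo {
    /** Constructed failure (assumption): a real client would attempt the connection here. */
    static String connect(String hostAddress) {
        try {
            throw new ConnectException("Connection refused: " + hostAddress + ":443");
        } catch (ConnectException e) {
            // Report the cleansed form, then continue handling rather than swallowing it.
            return MyExceptionReporter.report(e);
        }
    }

    /** Constructed failure (assumption): a security check that names the peer address. */
    static String checkAccess(String hostAddress) {
        try {
            throw new SecurityException("access denied from " + hostAddress);
        } catch (SecurityException e) {
            return MyExceptionReporter.report(e);
        }
    }

    public static void main(String[] args) {
        connect("192.168.1.10");
        checkAccess("192.168.1.10");
    }
}
```

The catch blocks return after reporting only to keep the demonstration short; in real code the next statements would recover, fail safely, or rethrow a wrapped exception whose message and cause do not reintroduce the redacted detail.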
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...