...
Logging unsanitized user input can also result in leaking sensitive data across a trust boundary or storing sensitive data in a manner that violates local law or regulation. For example, if a user can inject an unencrypted credit card number into a log file, the system could violate PCI DSS (Payment Card Industry Data Security Standard) regulations [PCI 2010]. Alternatively, an attacker might inject a script into the log file such that, if the log is viewed using a web browser, it could provide the attacker with a copy of the operator's or administrator's cookie, allowing the attacker to gain access as that user. See IDS00-J. Sanitize untrusted data passed across a trust boundary for more details on input sanitization.
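As an added illustration (not part of the original rule text or its compliant solutions), the following Java sanitizer addresses both leak paths described above before anything reaches the logger: it redacts card numbers that pass a Luhn check so a PAN never lands in the log, replaces line breaks so a single input cannot forge extra log entries, and HTML-encodes metacharacters so a log viewed in a browser cannot execute an injected script. The class name, the regular expression and the constructed input (including the well-known 4111 test card number) are assumptions made for this example.

```java
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class LogSanitizer {
    private static final Logger LOG = Logger.getLogger(LogSanitizer.class.getName());
    // Candidate primary account numbers: 13-19 digits, optionally separated by spaces or dashes.
    private static final Pattern PAN = Pattern.compile("\\b(?:\\d[ -]?){12,18}\\d\\b");
    /** Luhn check so ordinary long numbers (timestamps, order IDs) are not over-redacted. */
    static boolean passesLuhn(String digits) {
        int sum = 0;
        boolean doubleIt = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }
    /** Replace each Luhn-valid card number with its last four digits only. */
    static String redactCardNumbers(String input) {
        Matcher m = PAN.matcher(input);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String digits = m.group().replaceAll("[ -]", "");
            String repl = passesLuhn(digits)
                ? "****" + digits.substring(digits.length() - 4)
                : m.group();                      // not a card number: leave untouched
            m.appendReplacement(sb, Matcher.quoteReplacement(repl));
        }
        m.appendTail(sb);
        return sb.toString();
    }
    /** Neutralize line breaks (log forging) and HTML metacharacters (script execution in a browser-based log viewer). */
    static String sanitize(String input) {
        String s = redactCardNumbers(input);
        s = s.replaceAll("[\\r\\n]", "_");
        s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
             .replace("\"", "&quot;").replace("'", "&#x27;");
        return s;
    }
    public static void main(String[] args) {
        // Constructed hostile input: a test card number, a forged log line, and a script tag.
        String user = "card=4111 1111 1111 1111\nINFO: admin login OK <script>alert(1)</script>";
        LOG.info("Login attempt: " + sanitize(user));
    }
}
```

The logged line contains `****1111`, a literal `_` where the newline was, and `&lt;script&gt;` rather than an executable tag.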
...
[API 2006] | Java Platform, Standard Edition 6 API Specification
[PCI 2010] | Payment Card Industry (PCI) Data Security Standard
...