...
The java.util.logging class provides the a basic logging framework in for JDK v1versions 1.4 and above; the examples below use the logging framework. The higher. Other logging frameworks exist, however, the basic principles apply regardless of the particular logging framework chosen.
A program may support multiple Programs must typically support varying levels of sensitivityprotection. Some information, such as access times can be safely logged. Some infomration information can be logged, but the log file must be restricted from everyone but particular administrators. Other information, such as credit card numbers can only be logged in encrypted form. Other information, such as passwords, should not be logged at all.
For these code samples, we will assume that the log in question lies outside the trust boundary of the information being sent to it. Also, normal log messages should include additional parameters such as date, time, source event, etc.. We omit them in these and so forth. This information has been ommitted from our examples for the sake of brevity.
Noncompliant Code Example
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="357a9c9623e372d6-d6ebc3ab-45e142ff-b3ed93ac-833ee7b90594de9aec5d43d0"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 532 | http://cwe.mitre.org/data/definitions/532.html] "Information Exposure Through Log Files" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 533 "Information Exposure Through Server Log Files" | ||||
| CWE ID 359 "Privacy Violation" | ||||
| CWE ID 542 "Information Exposure Through Cleanup Log Files" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="687e9aeb5751ab9b-c5b2286a-4c6f4562-91e8b97e-27ed101d7ae40328c3d35742"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e50214f795baf63f-2a2db88c-49054fa7-b7ae99b5-1e25bfccf1e0e82412c4aadf"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | 11.1 Privacy and Regulation: Handling Private Information | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="47ab828f72b64886-a2bde7b9-49314bfa-9929a5e8-f430133935014eaf68a10fbe"><ac:plain-text-body><![CDATA[ | [[CVE 2008 | AA. Bibliography#CVE 08]] | [CVE-2005-2990 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2990] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ff72f6762310bd39-29ad3b76-4c3841c0-90f78da0-e0fcd1185127ddf0c1a52bf1"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | [Java Logging Overview | http://java.sun.com/javase/6/docs/technotes/guides/logging/overview.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...