[logback-user] Log forging prevention
Svetlin Zarev
svetlin.angelov.zarev at gmail.com
Fri Nov 4 17:48:50 UTC 2016
I solved my problem using the "%replace(){}" pattern.
The OWASP logging is not an option for me because it makes certain
assumptions that are not true in my case - for instance it assumes that
the log entry separator is a new line, and in my case it is not. Also
it forces the usage of its "security layout", but I want to continue to
use my pattern layout.
Just for reference, if someone faces the same issue and the %replace
pattern is not enough for his use case - the CompositeConverter is the
way to go if one needs to decorate an existing converter and hence
improve, modify or extend its behaviour.
Kind regards,
Svetlin
On 03.11.2016 (Thu) at 19:58 +0100, Thomas Meyer wrote:
> > Hello,
>
> Hi,
>
> >
> > What's the recommended way to protect against log forging attacks
> > with logback (using pattern layout)? Is there a way to specify a
> > set of reserved characters and tell logback to escape them?
>
> You may want to have a look at the OWASP security logging project:
> https://github.com/javabeanz/owasp-security-logging/tree/master/owasp-security-logging-logback
>
> With kind regards
> thomas
>
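A sketch of the CompositeConverter approach mentioned in the message above, as an added example that is not code from the post or from the logback project. The class name, package, the conversion word `esc` and the `|` entry separator are hypothetical; the converter wraps an existing converter such as `%msg` and escapes control characters plus any reserved characters passed as its option.

```java
package example.logging; // hypothetical package name

import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.core.pattern.CompositeConverter;

// Hypothetical converter (not part of logback): decorates the wrapped
// converter's output so user-supplied text cannot start a forged entry.
//
// Assumed logback.xml wiring:
//   <conversionRule conversionWord="esc"
//                   converterClass="example.logging.EscapingConverter"/>
//   <pattern>%d %-5level %logger - %esc(%msg){'|'}%n</pattern>
//
// For the newline-only case the built-in pattern is enough:
//   %replace(%msg){'[\r\n]', '_'}
public class EscapingConverter extends CompositeConverter<ILoggingEvent> {

    // Reserved characters beyond control characters, e.g. an entry
    // separator that is not a newline. Taken from the first {...} option.
    private String reserved = "";

    @Override
    public void start() {
        String option = getFirstOption();
        if (option != null) {
            reserved = option;
        }
        super.start();
    }

    @Override
    protected String transform(ILoggingEvent event, String in) {
        if (in == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(in.length() + 16);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            // The backslash is escaped as well, so a literal "\u000a" typed
            // by a user stays distinguishable from an escaped newline.
            if (c == '\\' || Character.isISOControl(c) || reserved.indexOf(c) >= 0) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}
```

Only the output of the wrapped converter is escaped, so other user-influenced fields in the pattern need the same wrapping.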