[logback-user] Log Forgery - an ideas?
kommersz
kommersz at freemail.hu
Tue Aug 13 19:01:15 CEST 2013
Hi Logback people, I am now looking for a logging solution to use in a larger piece of software, which would provide protection against Log Forgery (http://cwe.mitre.org/data/definitions/117.html), even in cases when logging to a text file is configured (log forgery is basically about strings containing linefeeds being passed over to the logging framework - if the srings are manipulated in the right way, the new entries look like if they were "real" log entries)I already had a look at log4j, and talked to some people, but to me it seems that they do not offer, and do not want to offer any sort of protection. So I would like to consider now Logback - and hence the question: is Logback offering any sort of solution, or is any solution planned? Cheers,Gabor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qos.ch/pipermail/logback-user/attachments/20130813/18f09a8c/attachment.html>
More information about the Logback-user
mailing list