[logback-user] Log forging prevention

Svetlin Zarev svetlin.angelov.zarev at gmail.com
Fri Nov 4 17:48:50 UTC 2016

I solved my problem using the "%replace(){}" pattern. 

The OWASP logging is not an option for me because it makes certain
assumptions that are not true in my case - for instance it assumes that
the log entry separator is a new line, and in my case it is not. Also
it forces the usage of its "security layout", but I want to continue to
use my pattern layout.

Just for reference if someone faces the same issue and the %replace
pattern is not enough for his usecase - the CompositeConverter is the
way to go if one needs to decorate an existing converter and hence
improve, modify or extend its behaviour.  

Kind regards,

В 19:58 +0100 на 03.11.2016 (чт), Thomas Meyer написа:
> > Hello,
> Hi,
> > 
> > What's the recommended way to protect against log forging attacks
> > with
> > logback (using pattern layout) ? Is there a way to specify a set of
> > reserved characters and tell logback to escape them ?
> You may want to have a look at the OWASP security logging project:
> https://github.com/javabeanz/owasp-security-logging/tree/master/owasp
> -s
> ecurity-logging-logback
> With kind regards
> thomas
> _______________________________________________
> logback-user mailing list
> logback-user at qos.ch
> http://mailman.qos.ch/mailman/listinfo/logback-user

More information about the logback-user mailing list