Peter Donald wrote:
>
> Hi,
>
> Doh!
>
> I just got feedback that points out that it is possible to do a
> masquerade (sp?) attack against LogKit via something like
>
> getLogger().getLogTargets()[0].processEvent( myEvilEvent );
>
> So to fix this I suggest we deprecate Logger.getLogTargets(), make it return a
> zero sized array and instead add a "complementing" setLogTargets() as
> suggested below?

Masquerading is bad. What does the complementing setLogTargets() afford us?
Won't that allow the same type of problem?

> Thoughts?
>
> BTW I just noticed that Log4j added a MDC recently (6 hours ago) which is

MDC? What's that?

> essentially our ContextMap. Also their PatternFormatter was reworked in a
> manner similar to ours. I wonder if we will be accused of stealing this
> time... Ahh the joy of it all.

You mean you're innocent this time? ;)

> On Mon, 6 Aug 2001 16:42, Peter Donald wrote:
> > Hi,
> >
> > Here's some feedback got so far about logkit release.
> >
> > * Changelog should be below files listing on download page and should also
> >   include data like how to verify signatures
> > * Release should say "why" you should upgrade

+1

> > * LogTarget is a stupid name for what it does (no alternative offered)

Gee that helps.

> > * filters should be in org.apache.log.output.filter or similar (they are
> >   only used by output targets)

-0

> > * OutputStreamLogger should be named LoggerOutputStream

That makes sense +1

> > * documentation sucks (whitepaper does not list every output target or
> >   explain concepts well enough, javadocs missing overview docs for packages
> >   and classes)

Can people be nicer? It does need the finishing touch.

> > * Why use testlet when there is junit

We do need to remove the reference to Testlet in the release docs.

> > * why so big download (answer == tools/ext)

Do we want to include all that? Maybe for the Source, but not for the binaries.

> > I think this is the most feedback I have got from a release in such a short
> > time.

We are making noise, so people are paying attention.
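
The masquerade call discussed in this thread, shown against the proposed fix, as an added example that is not part of the original messages and is not LogKit's code. `LogEvent`, `LogTarget`, `MemoryTarget`, `LeakyLogger` and `HardenedLogger` are simplified, hypothetical stand-ins; the example assumes Java 16 or later for `record`.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model for illustration; these are hypothetical classes, not LogKit's own.
public class MasqueradeDemo {
    record LogEvent(String category, String message) {}
    interface LogTarget { void processEvent(LogEvent event); }

    // Records what it receives, standing in for a file or socket target.
    static class MemoryTarget implements LogTarget {
        final List<LogEvent> received = new ArrayList<>();
        public void processEvent(LogEvent event) { received.add(event); }
    }

    // Before: the getter hands out the live targets, so any holder of the logger can feed them events.
    static class LeakyLogger {
        private final String category;
        private final LogTarget[] targets;
        LeakyLogger(String category, LogTarget... targets) { this.category = category; this.targets = targets; }
        void info(String msg) { for (LogTarget t : targets) t.processEvent(new LogEvent(category, msg)); }
        LogTarget[] getLogTargets() { return targets; }
    }

    // After: the deprecated getter returns a zero-sized array; the setter keeps a private copy.
    static class HardenedLogger {
        private final String category;
        private LogTarget[] targets = new LogTarget[0];
        HardenedLogger(String category) { this.category = category; }
        void info(String msg) { for (LogTarget t : targets) t.processEvent(new LogEvent(category, msg)); }
        @Deprecated LogTarget[] getLogTargets() { return new LogTarget[0]; }
        void setLogTargets(LogTarget[] newTargets) { this.targets = newTargets.clone(); }
    }

    public static void main(String[] args) {
        MemoryTarget audit = new MemoryTarget();
        LeakyLogger leaky = new LeakyLogger("plugin", audit);
        // The call from the thread: the event carries a category the caller's logger does not own.
        leaky.getLogTargets()[0].processEvent(new LogEvent("security", "forged entry"));
        System.out.println("leaky target received: " + audit.received);

        MemoryTarget audit2 = new MemoryTarget();
        HardenedLogger hardened = new HardenedLogger("plugin");
        hardened.setLogTargets(new LogTarget[] { audit2 });
        hardened.info("genuine entry");
        System.out.println("targets exposed by hardened getter: " + hardened.getLogTargets().length);
        System.out.println("hardened target received: " + audit2.received);
    }
}
```

In this model the setter accepts new targets without returning references to the ones already installed, so events reach a target only through the logger, which stamps its own category on them.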
