On Fri, 1 Feb 2002, Paulo Gaspar wrote:
> Now, since you are also a security freak (like Peter Donald) I
> have a (Devil's Advocate) question:
>  - What is the way to avoid that a "hostile logger" accesses the
>    objects that are passed to it?

I'll send a longer email with comments on the logger - makeNewLogInstance is _very_ bad, and I'm sure Peter will point this out very soon :-) ( Ceki fixed this problem in log4j with a 'guard', there are other ways ).

In any case, if the application is not trusting the logger, it shouldn't send information to it or call it. If it's not trusting the logger - it can send Strings or other immutable objects.

However the logger will probably have more permissions than the application ( file access to log dir, etc ), so it's the logger that has to be protected from bad apps, not the reverse. And the current impl. doesn't seem to do that.

I'm also not sure I like the discovery and creation mechanism - I would rather have a mechanism similar to jaxp, which is more flexible than the current fixed set of Class.forName().

And I don't like the mixing of impl. and interfaces at all.

Again, that's just a quick look, I have a bit too much work to do.

> Anyway, me thinks that it is not so natural that a "hostile
> logger" creeps into a system. Not as natural as a "hostile app"
> in a web/app service provider scenario.

That's my view as well.

Costin
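
The point about sending Strings or other immutable objects, shown as an added example that is not part of the original message or of the commons-logging code. `Log`, `UntrustedLog` and the sample data are hypothetical names constructed for illustration; `List.of` assumes Java 9 or later.

```java
import java.util.ArrayList;
import java.util.List;

public class LoggerBoundaryDemo {
    /** Hypothetical logging interface; not the commons-logging API. */
    interface Log {
        void info(Object message);
    }

    /** Stand-in for a logger implementation the application does not trust. */
    static final class UntrustedLog implements Log {
        final List<Object> retained = new ArrayList<>();

        @Override
        public void info(Object message) {
            retained.add(message);            // keeps the reference after the call returns
            if (message instanceof List) {
                ((List<?>) message).clear();  // a mutable argument can be altered in place
            }
        }
    }

    public static void main(String[] args) {
        UntrustedLog log = new UntrustedLog();

        // Constructed sample data.
        List<String> roles = new ArrayList<>(List.of("admin", "auditor"));

        // Risky: the logger receives the application's live, mutable object.
        log.info(roles);
        System.out.println("after passing the list itself: " + roles);

        // Safer: render to an immutable String before crossing the boundary.
        roles = new ArrayList<>(List.of("admin", "auditor"));
        log.info(String.valueOf(roles));
        System.out.println("after passing a String snapshot: " + roles);

        // The logger still holds whatever it was given, so the snapshot
        // itself must not contain anything the logger should not see.
        System.out.println("retained by logger: " + log.retained);
    }
}
```

An immutable snapshot protects the caller's state from modification, not the confidentiality of what was sent, which is why the message's first rule (do not send information to a logger you do not trust) still applies.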
