Yes, but the downside of that is that you must process the same records
over and over again each time they are viewed (by each individual user).
Making the modification when logging of the record itself makes the
change once for any potential viewer and addresses the effort to modify
the record at a point in time that will not affect the response of a
user waiting to see the record.
Joe
Paul McMahan wrote:
Either approach should work but I would prefer to address the
vulnerability in the log viewer portlet because it attaches the solution
closest to where the specific problem is at. Also, the logger will be
called on every request and doing the extra string manipulations could
affect the web container's throughput.
Best wishes,
Paul
On 1/17/06, *Joe Bohn* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Yes, this sounds like the best way to go.
Regarding the specific problem with the web console displaying the web
access log I'd like to get some consensus. Is this something that the
containers should modify when storing the URL as part of a message in
the appropriate web log? (I have confirmed this is a problem with both
Tomcat and Jetty)
Or, should we address this within the web access log viewer and/or
management objects to modify the content of the log records when they
are being displayed.
My preference would be to make the modification at the time the log
record is created.
Joe
--
Joe Bohn
joe.bohn at earthlink.net
"He is no fool who gives what he cannot keep, to gain what he cannot
lose." -- Jim Elliot
