Paul McMahan wrote:
Either approach should work but I would prefer to address the vulnerability in the log viewer portlet because it attaches the solution closest to where the specific problem is at. Also, the logger will be called on every request and doing the extra string manipulations could affect the web container's throughput.

Best wishes,
Paul

This reflects my sentiments as well.

John

On 1/17/06, Joe Bohn <[EMAIL PROTECTED]> wrote:

    Yes, this sounds like the best way to go.

    Regarding the specific problem with the web console displaying the web
    access log I'd like to get some consensus.  Is this something that the
    containers should modify when storing the URL as part of a message in
    the appropriate web log?  (I have confirmed this is a problem with both
    Tomcat and Jetty)

    Or, should we address this within the web access log viewer and/or
    management objects to modify the content of the log records when they
    are being displayed?

    My preference would be to make the modification at the time the log
    record is created.

    Joe



