
Building secure application by consistent logging

I like the idea in this article. The system designer needs to have a global parameter to switch these logs on and off. The syslog level of this kind of log should be something like “informational”. Programmers must handle it carefully, or system performance might be impacted.

Let’s consider another example – one in which an input validation routine finds a character potentially being used for SQL Injection. Note that this example uses “blacklisting” or “known-bad validation”, which is a less-than-ideal approach to input validation but one used often nonetheless:

if (request.desc.indexOf(';') != -1) // indexOf returns -1 when the character is absent
{ // possible SQL Injection character
    log.fine("Possible SQL injection character ';' in request.desc value of " + request.desc);
}
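As an added example (not code from the article or from this post), here is the same known-bad check written in Python with the points above built in: a global switch (`SECURITY_LOGGING_ENABLED`, an assumed name) turns these events on and off, the events go to a dedicated logger at the informational level, the message is only built when that level is actually enabled, and the untrusted value is cleaned of control characters before it is written so it cannot forge extra log lines.

```python
import logging
import re

# Global switch the system designer controls (assumed name; e.g. read from config).
SECURITY_LOGGING_ENABLED = True

# Dedicated logger for security events, kept at the "informational" level.
security_log = logging.getLogger("appsec")
security_log.setLevel(logging.INFO)

# Known-bad ("blacklist") tokens, as in the article's example; this is not a
# substitute for parameterised queries, it only produces the log event.
SUSPECT_TOKENS = {";", "'", "--"}


def sanitize_for_log(value, limit=200):
    """Replace CR/LF and other control characters and truncate, so untrusted
    input written to the log cannot inject fake log lines or bloat the file."""
    cleaned = re.sub(r"[\x00-\x1f\x7f]", "?", value)
    if len(cleaned) > limit:
        return cleaned[:limit] + "..."
    return cleaned


def check_desc(desc, logger=security_log):
    """Return the sorted list of suspect tokens found in desc and, if any were
    found and security logging is on, record one informational event."""
    found = sorted(tok for tok in SUSPECT_TOKENS if tok in desc)
    # Check the switch and the level first so the message is not formatted
    # (and the input not sanitized) when nobody will see it: cheap when off.
    if found and SECURITY_LOGGING_ENABLED and logger.isEnabledFor(logging.INFO):
        logger.info("Possible SQL injection token(s) %s in request.desc value of %s",
                    found, sanitize_for_log(desc))
    return found


if __name__ == "__main__":
    logging.basicConfig(format="%(levelname)s %(name)s: %(message)s")
    # Constructed sample inputs.
    print(check_desc("blue widget"))
    print(check_desc("x'; DROP TABLE orders --\ninjected line"))
```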
