[Esapi-user] ESAPI - Logging
williescholtz at gmail.com
Mon May 10 17:46:57 EDT 2010
Thank you very much for the response!
I am currently using the most recent version (v2 rc4)
Also, adding to the previous question, i currently initialize the
log4j properties via an httpservlet, but have noticed that ESAPI has
its own .xml props file in the classpath.
How can I override this with my own, to ensure the default settings do
not get used before the servlet gets invoked?
Sent from my iPhone
On 10 May 2010, at 7:21 PM, Jim Manico <jim.manico at owasp.org> wrote:
> The big benefit of ESAPI logging is:
> 1) Built in log injection prevention
> 2) Security-centric log messages (which is lacking from all other
> logging frameworks)
> 3) Logging integration with the various ESAPI components
> Before we go any further - what version of ESAPI Are you using?
> Thank you for considering ESAPI! :)
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
>> Hi Guys
>> I have recently started with an integration of ESAPI into our
>> current application,
>> we currently use commons logging as a logging framework with log4j
>> plugged in..
>> what would you suggest we use for logging, ESAPI or Commons Logging?
>> this is hard because we have a very big system with
>> private static final Log LOG = LogFactory.getLog(A.class);
>> statements everywhere, would you suggest that I change it to
>> ESAPI.getLogger(A.class) ?
>> Thank you very much
>> Willie Scholtz
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user