[Esapi-user] ESAPI - Logging

Willie Scholtz williescholtz at gmail.com
Mon May 10 17:46:57 EDT 2010


Hi Jim

Thank you very much for the response!
I am currently using the most recent version (v2 rc4)

Also, adding to the previous question, i currently initialize the  
log4j properties via an httpservlet, but have noticed that ESAPI has  
its own .xml props file in the classpath.

How can I override this with my own, to ensure the default settings do  
not get used before the servlet gets invoked?

Sincerely,
Willie Scholtz

Sent from my iPhone

On 10 May 2010, at 7:21 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Willie,
>
> The big benefit of ESAPI logging is:
>
> 1) Built in log injection prevention
> 2) Security-centric log messages (which is lacking from all other  
> logging frameworks)
> 3) Logging integration with the various ESAPI components
>
> Before we go any further - what version of ESAPI Are you using?
>
> Thank you for considering ESAPI! :)
> -- 
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
>
>
>> Hi Guys
>>
>> I have recently started with an integration of ESAPI into our  
>> current application,
>> we currently use commons logging as a logging framework with log4j  
>> plugged in..
>>
>> what would you suggest we use for logging, ESAPI or Commons Logging?
>>  this is hard because we have a very big system with
>>
>>  private static final Log LOG = LogFactory.getLog(A.class);
>>
>> statements everywhere, would you suggest that I change it to  
>> ESAPI.getLogger(A.class) ?
>>
>>
>> Thank you very much
>> -- 
>> Sincerely
>> Willie Scholtz
>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100510/fc5740e2/attachment.html 


More information about the Esapi-user mailing list