[OWASP_PHPSEC] Daily Report - 17 July, 2013

rahul chaudhary rahul300chaudhary400 at gmail.com
Wed Jul 17 10:18:05 UTC 2013


Hello All,

Today was all about trying to prepare as much as I can about "Logging
Systems". It's an important part of any application.
Today I read some existing real-world logging examples; most of them just
gave simple ways to log things to a file. But what we want is something more
sophisticated. We want to log to files, syslog, DB, console, XML etc.
So, finally these two articles are the most important ones to consider:
1) Log4PHP - This logging library is pretty decent and is widely accepted.
I liked much of its functionality, including the way they have abstracted
the components...and their support for XML. In fact, there are many
functions in there that could help us create our own logging library.
One thing that I did not find, or maybe I missed was the lack of proper
search capabilities. There will be a problem in searching logs as they are
not arranged properly. There is no format defined. It has to be handled by
the users.

2) OWASP's Log Management:
https://www.owasp.org/index.php/Log_review_and_management
In this article the suggestions were really helpful...


So, here is what I was thinking...let us create the logging library the same
way as is done in "Log4PHP". Most of its functions are, in my view, "the
right way". As for the search part, we can create a new function to define
the template for the logs...e.g.
[Icon] [TYPE] [DATE] [Time] [File] [Message] [Length]

This prototype will now be applied to all the storage units, i.e. for
files, this would be the template of each line; for DB, these would be
the column names; for XML, these could be the tag names, etc.

We can also provide functions so that users can define their own labels for
the classification of logs....in "Log4PHP" these labels are already defined
and cannot be changed.

Also, as in "Log4PHP", we can make our library in such a way that it
follows a hierarchy. Thus it can be used by developers in an OOP way.

MORE SUGGESTIONS ARE WELCOME.


Next I also did some wiki stuff. I have decided that I will add something
to the wiki everyday. This would relieve some pressure for me ... :)
I added some text under session management. I am still trying to learn the
basics of OWASP's wiki...so that is taking some time....Also, it's hard to be
creative in writing... :D :P

-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
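
The log template proposed in the mail above, rendered for the three storage types it names (file line, DB columns, XML tags), as an added example that is not part of the original post or of the project's code. The function names, the `app_log` table, the `log_` column prefix and the reading of "Length" as the message's byte length are assumptions.

```php
<?php
// Added example (PHP 7.4+). Field names come from the template in the mail;
// function names, the table name and the meaning of "Length" are assumptions.
const LOG_FIELDS = ['Icon', 'TYPE', 'DATE', 'Time', 'File', 'Message', 'Length'];
// Build one record. Assumption: Length is the byte length of the raw message.
function make_record(string $icon, string $type, string $file, string $msg): array
{
    $now = new DateTimeImmutable('now', new DateTimeZone('UTC'));
    return array_combine(LOG_FIELDS, [$icon, $type, $now->format('Y-m-d'),
        $now->format('H:i:s'), $file, $msg, (string) strlen($msg)]);
}

// File sink: one line per record, each field in brackets. Backslashes, brackets
// and control characters are escaped so a value cannot end the line or a field.
function to_line(array $rec): string
{
    $out = [];
    foreach (LOG_FIELDS as $name) {
        $out[] = '[' . addcslashes($rec[$name], "\\[]\0..\37\177") . ']';
    }
    return implode(' ', $out);
}

// DB sink: names become columns; values are bound. $table must be a fixed name.
function to_insert(array $rec, string $table = 'app_log'): array
{
    $cols = implode(', ', array_map(fn($f) => 'log_' . strtolower($f), LOG_FIELDS));
    $marks = implode(', ', array_fill(0, count(LOG_FIELDS), '?'));
    return ["INSERT INTO $table ($cols) VALUES ($marks)", array_values($rec)];
}

// XML sink: the same names become tags; values are XML-escaped.
function to_xml(array $rec): string
{
    $flags = ENT_XML1 | ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED;
    $xml = '<entry>';
    foreach (LOG_FIELDS as $name) {
        $tag = strtolower($name);
        $xml .= "<$tag>" . htmlspecialchars($rec[$name], $flags, 'UTF-8') . "</$tag>";
    }
    return $xml . '</entry>';
}

// Constructed sample: the message contains a newline and bracketed text.
$rec = make_record('!', 'WARN', 'login.php', "bad login for bob\n[i] [INFO] [fake]");
echo to_line($rec), PHP_EOL;
[$sql, $params] = to_insert($rec);
echo $sql, ' <- ', count($params), ' bound values', PHP_EOL;
echo to_xml($rec), PHP_EOL;
```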