When I run Fortify Scan on my project I do see that I’m logging the exceptions using
LOGGER.error(e.getMessage(),e);
and it says this is not the right way because attackers may get access to this info and get system info from this and plan an attack.
What is the best way to do this (without compromising on the security)?
That reasoning is frankly ridiculous in most cases. Your LOGGER object should be writing to the local filesystem, and if a remote attacker can access your filesystem you’ve got way bigger problems.
Restrict access to your log files as appropriate, and then log to your heart’s content.
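One way to apply the "restrict access to your log files" advice from the application side, as an added example that is not part of the original question or answer. It assumes a POSIX filesystem; the class name, directory and file name are hypothetical.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

public class RestrictedLogFile {

    // Owner-only permissions: rwx------ for the directory, rw------- for the file.
    private static final Set<PosixFilePermission> DIR_PERMS =
            PosixFilePermissions.fromString("rwx------");
    private static final Set<PosixFilePermission> FILE_PERMS =
            PosixFilePermissions.fromString("rw-------");

    /** Creates or tightens the log directory and file so only the owning account can read them. */
    static Path prepare(Path dir, String fileName) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            throw new UnsupportedOperationException("No POSIX permissions here; use ACLs instead");
        }
        Files.createDirectories(dir, PosixFilePermissions.asFileAttribute(DIR_PERMS));
        // Set explicitly as well: covers a pre-existing directory and any umask effect.
        Files.setPosixFilePermissions(dir, DIR_PERMS);

        Path log = dir.resolve(fileName);
        try {
            Files.createFile(log, PosixFilePermissions.asFileAttribute(FILE_PERMS));
        } catch (FileAlreadyExistsException alreadyThere) {
            // Existing log file: keep its content, tighten its permissions below.
        }
        Files.setPosixFilePermissions(log, FILE_PERMS);
        return log;
    }

    /** Returns true when neither group nor others have any access bit set. */
    static boolean isOwnerOnly(Path p) throws IOException {
        for (PosixFilePermission perm : Files.getPosixFilePermissions(p, LinkOption.NOFOLLOW_LINKS)) {
            if (perm.name().startsWith("GROUP_") || perm.name().startsWith("OTHERS_")) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo location; a real service would use its configured log directory.
        Path base = Files.createTempDirectory("applogs-demo");
        Path log = prepare(base.resolve("logs"), "app.log");
        System.out.println(log + " owner-only: " + isOwnerOnly(log));
    }
}
```

Point the logging framework's file appender at the returned path, and run `isOwnerOnly` at startup so a loosened permission is caught before stack traces are written.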