This content has been marked as final.
Show 3 replies
-
1. Re: JBAS-2243 - SecurityExceptions
adrian.brock Sep 12, 2005 10:18 PM (in response to adrian.brock)"adrian@jboss.org" wrote:
log.warn("Access Denied", realError);
And this logging could be a DOS if it fills up the disk. :-) -
2. Re: JBAS-2243 - SecurityExceptions
starksm64 Sep 12, 2005 10:41 PM (in response to adrian.brock)Yes, I know, but exposing this info via a log is not a security risk. If you have access to the log its not our problem.
-
3. Re: JBAS-2243 - SecurityExceptions
elkner Sep 13, 2005 12:52 AM (in response to adrian.brock)Yepp. If the server aka logs/configs are not secured, than the setup/admin has some problems ...
At least my ideal world would have something like this in the server [auth.]log:log.warn("auth failed. principal=" + princ + " host=" + clientIP);