avalon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Donald <dona...@apache.org>
Subject Re: [Logkit] feedback
Date Tue, 07 Aug 2001 02:33:10 GMT
Hi,

Doh! 

I just got feedback that points out that it possible to do a 
masquerade (sp?) attack against LogKit via something like

getLogger().getLogTargets()[0].processEvent( myEvilEvent );

So to fix this I suggest we deprecate Logger.getLogTargets() make it return a 
zero sized array and instead add a "complimenting" setLogTargets() as 
suggested below? 

Thoughts?

BTW I just noticed that Log4j added a MDC recently (6 hours ago) which is 
essentially our ContextMap. Also their PatternFormatter was reworked in a 
manner similar to ours. I wonder if we will be accused of stealing this 
time... Ahh the joy of it all.

On Mon,  6 Aug 2001 16:42, Peter Donald wrote:
> Hi,
>
> Heres some feedback got so far about logkit release.
>
> * Changelog should be below files listing on download page and should also
> include data like how to verify signatures
> * Release should say "why" you should upgrade
> * Somethings were in but not mentioned in ChangeLog (ie MemoryTarget)
> * Logger.setLogTargets() should provide a method that "compliments"
> existing targets (like additivity=true in log4j).
> * LogTarget is a stupid name for what it does (no alternative offered)
> * filters should be in org.apache.log.output.filter or similar (they are
> only used by output targets)
> * OutputStreamLogger should be named LoggerOutputStream
> * documentation sucks (whitepaper does not list every output target or
> explain concepts well enough, javadocs missing overview docs for packages
> and classes)
> * Why use testlet when there is junit
> * why so big download (answer == tools/ext)
>
> I think this is the most feedback I have got from a release in such a short
> time.
>
> Cheers,
>
> Pete
>
> *-----------------------------------------------------*
>
> | "Faced with the choice between changing one's mind, |
> | and proving that there is no need to do so - almost |
> | everyone gets busy on the proof."                   |
> |              - John Kenneth Galbraith               |
>
> *-----------------------------------------------------*
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: avalon-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: avalon-dev-help@jakarta.apache.org

-- 
Cheers,

Pete

*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof."                   |
|              - John Kenneth Galbraith               |
*-----------------------------------------------------*

---------------------------------------------------------------------
To unsubscribe, e-mail: avalon-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: avalon-dev-help@jakarta.apache.org


Mime
View raw message