Log forging prevention
Hello, What's the recommended way to protect against log forging attacks with logback (using pattern layout) ? Is there a way to specify a set of reserved characters and tell logback to escape them ? Kind regards, Svetlin
Hello,
Hi,
What's the recommended way to protect against log forging attacks with logback (using pattern layout) ? Is there a way to specify a set of reserved characters and tell logback to escape them ?
You may want to have a look at the OWASP security logging project: https://github.com/javabeanz/owasp-security-logging/tree/master/owasp-s ecurity-logging-logback With kind regards thomas
I solved my problem using the "%replace(){}" pattern. The OWASP logging is not an option for me because it makes certain assumptions that are not true in my case - for instance it assumes that the log entry separator is a new line, and in my case it is not. Also it forces the usage of its "security layout", but I want to continue to use my pattern layout. Just for reference if someone faces the same issue and the %replace pattern is not enough for his usecase - the CompositeConverter is the way to go if one needs to decorate an existing converter and hence improve, modify or extend its behaviour. Kind regards, Svetlin В 19:58 +0100 на 03.11.2016 (чт), Thomas Meyer написа:
Hello,
Hi,
What's the recommended way to protect against log forging attacks with logback (using pattern layout) ? Is there a way to specify a set of reserved characters and tell logback to escape them ?
You may want to have a look at the OWASP security logging project: https://github.com/javabeanz/owasp-security-logging/tree/master/owasp -s ecurity-logging-logback
With kind regards thomas
_______________________________________________ logback-user mailing list logback-user@qos.ch http://mailman.qos.ch/mailman/listinfo/logback-user
participants (2)
-
Svetlin Zarev -
Thomas Meyer