



Secure Logger


Classification Key: Core Security, Repudiation

Problem

Application logs have to be created appropriately at multiple points during an application’s operational life cycle. Event logs and related data must be secured against alteration by an attacker. Log data should not be accessible to unauthorized personnel. How can you log events correctly, securely and in a timely manner?

Solution

Use centrally controlled logging functionality that can be invoked at various points throughout the application's request and response handling. Decouple the logging functionality and provide it as a component or service to be used throughout the application. Cryptographically secure the logged data and keep additional information to verify the integrity of the logged data. Control access to the log so that unauthorized users cannot view its content.
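
The integrity part of this solution as an added Python example (not code from the catalog or its source): a central logger that HMACs each record and chains it to the previous one, with a verifier that reports the first altered, removed or reordered record. The names `SecureLogger`, `verify` and `GENESIS`, the record layout and the in-memory list standing in for the log store are assumptions of the example; encryption of log contents and access control are not shown.

```python
import hashlib
import hmac
import json
import time

GENESIS = "0" * 64  # assumed chain anchor for the first record


def _mac(key, seq, ts, event, prev):
    # Canonical JSON keeps field boundaries unambiguous in the MAC input.
    body = json.dumps([seq, ts, event, prev], separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class SecureLogger:
    """Central logging component: each record is MACed and chained to its predecessor."""

    def __init__(self, key):
        self._key = key            # held only by the logging service and the verifier
        self.records = []          # stand-in for an append-only file or log service
        self.head = GENESIS        # MAC of the newest record; store it out of band

    def log(self, event, ts=None):
        ts = time.time() if ts is None else ts
        seq = len(self.records)
        mac = _mac(self._key, seq, ts, event, self.head)
        rec = {"seq": seq, "ts": ts, "event": event, "prev": self.head, "mac": mac}
        self.records.append(rec)
        self.head = mac
        return rec


def verify(key, records, head=None):
    """Return -1 if the chain is intact, else the index of the first bad record.

    If `head` (the last MAC, kept somewhere the log store cannot reach) is given,
    a truncated tail is reported as index len(records).
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _mac(key, rec["seq"], rec["ts"], rec["event"], prev)
        ok = rec["seq"] == i and rec["prev"] == prev
        if not (ok and hmac.compare_digest(expected, str(rec["mac"]))):
            return i
        prev = rec["mac"]
    if head is not None and prev != head:
        return len(records)
    return -1
```

Without the `head` value a chain that has lost its newest records still verifies, so the verifier needs that value (or a record count) from a location the log writer's host cannot modify.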

Known Uses

Security Logging in J2EE services.

Source

Sun Book

Tags

Logging


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz