: Core Security, Repudiation
Application logs have to be created appropriately at multiple points during an application's operational life cycle. Event logs and related data must be secured against alteration by an attacker. Log data should not be accessible to unauthorized personnel.
How can you log events correctly, securely, and in a timely manner?
Use a centrally controlled logging functionality that can be used in various places throughout the application request and response. Decouple the logging functionality and provide it as a component or service to be used throughout the application. Cryptographically secure the logged data and keep additional information to verify the integrity of logged data. Control access to the log so that unauthorized users cannot view content.
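The solution above, sketched as an added example that is not part of the original catalog entry: one logging component that all callers use, records chained with HMAC-SHA256, a separately kept head value for detecting truncation, and a role check on reads. The class name, role names, key handling and sample event are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value of the first record

def _mac(key: bytes, body: dict) -> str:
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class SecureLogger:
    """Single logging component that all application code calls."""
    def __init__(self, key: bytes, readers=("auditor",)):
        self._key = key               # assumption: held only by the logging service
        self._readers = set(readers)  # hypothetical roles allowed to view the log
        self._records = []            # stand-in for an append-only store
        self._last = GENESIS

    def log(self, ts: str, source: str, event: str) -> None:
        body = {"seq": len(self._records), "time": ts, "source": source,
                "event": event, "prev": self._last}
        self._last = _mac(self._key, body)  # each MAC covers the previous MAC
        self._records.append({**body, "mac": self._last})

    def head(self) -> tuple:  # integrity data to store apart from the log
        return len(self._records), self._last

    def read(self, role: str) -> list:
        if role not in self._readers:
            raise PermissionError(f"role {role!r} may not view the log")
        return [dict(r) for r in self._records]  # copies, never the live store

def verify(records: list, key: bytes, head: tuple) -> int:
    """Return -1 if intact, else the index of the first bad or missing record."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if rec.get("seq") != i or rec.get("prev") != prev:
            return i  # record removed, inserted or reordered
        if not hmac.compare_digest(_mac(key, body), str(rec.get("mac", ""))):
            return i  # record content altered
        prev = rec["mac"]
    # Truncation leaves a valid but shorter chain, so compare with the stored head.
    return -1 if (len(records), prev) == tuple(head) else len(records)

if __name__ == "__main__":
    log = SecureLogger(b"constructed-demo-key")
    log.log("2012-05-05T10:00:00Z", "auth", "login ok user=alice")  # constructed event
    print(verify(log.read("auditor"), b"constructed-demo-key", log.head()))
```

The chain only resists alteration while the MAC key and the stored head value are out of reach of whoever can write to the log store.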
Security Logging in J2EE services.
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz