Secure logging in java_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-09 17:09 出处：网络

I\'d like to have secure logging in my application, so that: if I log something,开发者_Python百科 the logging function should return happily if and only if the loggging was successful

I'd like to have secure logging in my application, so that:

if I log something,开发者_Python百科 the logging function should return happily if and only if the loggging was successful
the logfile should not be manipulated easily, so I should easily spot if someone
- deletes from the logfile
- alters the logfile
- creates new entries to the logfile

So something, which reliably logs to a file with PKCS should suffice.

Is there a library which suit my needs, or should I write one from scratch?

EDIT Application is on server.

Taking the second requirement first, to provide integrity protection you need to either sign the log messages or generate an HMAC of the messages. That in turn requires that the app have access to either a private key for signing or a symmetric key for generating authentication codes.

That, in turn, means that you need to limit access to your app so that the key can't be extracted from it. This means that you've gone from trusting the access control on the log file to trusting the access control on your application. Compromised access to the application still allows third parties to modify your log file in a 'supported' fashion.

You can possibly, depending on the structure of your application and how it's deployed, use Mandatory Access Controls on the log file to make it append-only to users of the app, to mitigate the possibility of tampering or removing existing messages. You could additionally take periodic backups of the log file, and compare the content to ensure that nothing has been changed or removed between backups. This assumes that access to your backups is also controlled - a third party who can tamper with your backups can tamper with your log files in an undetectable fashion.

You didn't mention whether the application is on a server, desktop or smartphone, so the specifics of such access control aren't in scope for this answer.

As far as ensuring that a message has been successfully written before the app continues is concerned, Apache's log4j contains appenders that support this M.O. (just don't wrap them in AsyncAppender…)

Take a look at the OWASP ESAPI Java library. It has a Log4J compatible Logger that will escape log output and strip out carriage returns for you. It can also be configured to output unique transaction and session IDs to avoid logging a user's actual container session ID.