[jira] [Commented] (LOG4NET-406) Log4Net breaks the Microsoft naming rules for namespaces

2013-11-22 Thread Jonathan Choy (JIRA) 

[ 
https://issues.apache.org/jira/browse/LOG4NET-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13830104#comment-13830104
 ] 

Jonathan Choy commented on LOG4NET-406:
---

As a design guideline, this is a guidance, not a hard-and-fast rule. Having 
been in this namespace for a decade, there is only negative value in this 
proposal.

For a new logging library it would make sense to comply with the Framework 
Design Guidelines. 

 Log4Net breaks the Microsoft naming rules for namespaces
 

 Key: LOG4NET-406
 URL: https://issues.apache.org/jira/browse/LOG4NET-406
 Project: Log4net
  Issue Type: Improvement
  Components: Appenders, Core
Affects Versions: 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.3.0, 1.2 
 Maintenance Release, 3.5, 4.0
 Environment: Windows 7, .Net 4.0
Reporter: Michael Goldfinger
Priority: Trivial
 Fix For: 1.3.0


 The log4net namespace violates the naming convention for namespaces in .Net.
 http://msdn.microsoft.com/en-us/library/vstudio/ms229026(v=vs.100).aspx
 As stated Pacal casing should be used: Do use Pascal casing, and separate 
 namespace components with periods (for example, Microsoft.Office.PowerPoint)



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (LOG4NET-282) Database Risk and PCI Compliance with ado.net appender

2013-11-22 Thread Jonathan Choy (JIRA) 

[ 
https://issues.apache.org/jira/browse/LOG4NET-282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13830181#comment-13830181
 ] 

Jonathan Choy commented on LOG4NET-282:
---

The mitigation for PCI compliance would seem to be the programmatic 
configuration of the appender which you need to write to the database, or the 
creation of a locally maintained appender which meets these security 
requirements. Recommend won't-fix.

 Database Risk and PCI Compliance with ado.net appender
 --

 Key: LOG4NET-282
 URL: https://issues.apache.org/jira/browse/LOG4NET-282
 Project: Log4net
  Issue Type: Improvement
  Components: Appenders
Affects Versions: 1.2.9, 1.2.10
Reporter: Tim Schwallie
  Labels: security
 Fix For: 1.2 Maintenance Release


 Per our PCI/Risk exposure reviewer, the ado.net appender in log4net is a 
 risk. Essentially, if somebody can gain access to the config file, they can 
 change the config file to run any query via an error.
 Obviously, there's a bigger concern if somebody can change a config file. 
 The reviewer felt that with log4net being a popular tool this was a high risk 
 cause of how easy it would be for an attacker to change it.
 Other logging tools make a call to a hard-coded stored procedure to log to a 
 database.
 If the ado.net appender could be changed to call a fixed stored procedure and 
 perhaps pass parameters with some fixed and maybe a concatenated string for a 
 variable number of parameters, the risk would probably be removed. The SP 
 would be responsible with working with the concatenated string. A formatter 
 may be the way to go to make the concatenated string.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (LOG4NET-273) AdoNetAppender does not work if you dont copy System.Data.dll

2013-11-22 Thread Jonathan Choy (JIRA) 

[ 
https://issues.apache.org/jira/browse/LOG4NET-273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13830183#comment-13830183
 ] 

Jonathan Choy commented on LOG4NET-273:
---

This reads as: Appender which states its dependency requires its dependency be 
satisfied.

This is noise, not even a wish.

 AdoNetAppender does not work if you dont copy System.Data.dll
 -

 Key: LOG4NET-273
 URL: https://issues.apache.org/jira/browse/LOG4NET-273
 Project: Log4net
  Issue Type: Wish
Affects Versions: 1.2.10
 Environment: Windows 7, .Net 2.0
Reporter: Evald
Priority: Minor
 Fix For: 1.2 Maintenance Release


 AdoNetAppender does not work if you dont copy System.Data.dll
 log4net writes at output this line: log4net:ERROR [AdoNetAppender] Failed to 
 load connection type [System.Data.SqlClient.SqlConnection, System.Data]
 if you copy the dll than it begin working.
 here it is my config:
  appender name=SQLAppender type=log4net.Appender.AdoNetAppender
   bufferSize value=1 /
   connectionType value=System.Data.SqlClient.SqlConnection, 
 System.Data /
   connectionString value=Data Source=localhost;initial 
 catalog=testlog4net;integrated security=false;User ID=sa;Password=mypassword 
 /
   commandText value=INSERT INTO testlog4net.dbo.Log 
 ([Date],[Thread],[LevelName],[Logger],[Message]) VALUES (@log_date, @thread, 
 @log_level, @logger, @message) /
   parameter
 parameterName value=@log_date /
 dbType value=Datetime /
 layout type=log4net.Layout.PatternLayout 
 value=%date{'-'MM'-'dd HH':'mm':'ss'.'fff} /
   /parameter
   parameter
 parameterName value=@thread /
 dbType value=String /
 size value=255 /
 layout type=log4net.Layout.PatternLayout value=%thread /
   /parameter
   parameter
 parameterName value=@log_level /
 dbType value=String /
 size value=50 /
 layout type=log4net.Layout.PatternLayout value=%level /
   /parameter
   parameter
 parameterName value=@logger /
 dbType value=String /
 size value=255 /
 layout type=log4net.Layout.PatternLayout value=%logger /
   /parameter
   parameter
 parameterName value=@message /
 dbType value=String /
 size value=4000 /
 layout type=log4net.Layout.PatternLayout value=%message /
   /parameter
 
 /appender
 Thank you
 Regards



--
This message was sent by Atlassian JIRA
(v6.1#6144)