[jira] [Commented] (LOG4NET-406) Log4Net breaks the Microsoft naming rules for namespaces
[ https://issues.apache.org/jira/browse/LOG4NET-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13830104#comment-13830104 ]

Jonathan Choy commented on LOG4NET-406:
---------------------------------------

As a design guideline, this is guidance, not a hard-and-fast rule. Having been in this namespace for a decade, there is only negative value in this proposal. For a new logging library it would make sense to comply with the Framework Design Guidelines.

Log4Net breaks the Microsoft naming rules for namespaces
--------------------------------------------------------

Key: LOG4NET-406
URL: https://issues.apache.org/jira/browse/LOG4NET-406
Project: Log4net
Issue Type: Improvement
Components: Appenders, Core
Affects Versions: 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.3.0, 1.2 Maintenance Release, 3.5, 4.0
Environment: Windows 7, .Net 4.0
Reporter: Michael Goldfinger
Priority: Trivial
Fix For: 1.3.0

The log4net namespace violates the naming convention for namespaces in .Net.
http://msdn.microsoft.com/en-us/library/vstudio/ms229026(v=vs.100).aspx
As stated, Pascal casing should be used:
Do use Pascal casing, and separate namespace components with periods (for example, Microsoft.Office.PowerPoint)

--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (LOG4NET-282) Database Risk and PCI Compliance with ado.net appender
[ https://issues.apache.org/jira/browse/LOG4NET-282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13830181#comment-13830181 ]

Jonathan Choy commented on LOG4NET-282:
---------------------------------------

The mitigation for PCI compliance would seem to be the programmatic configuration of the appender which you need to write to the database, or the creation of a locally maintained appender which meets these security requirements. Recommend won't-fix.

Database Risk and PCI Compliance with ado.net appender
------------------------------------------------------

Key: LOG4NET-282
URL: https://issues.apache.org/jira/browse/LOG4NET-282
Project: Log4net
Issue Type: Improvement
Components: Appenders
Affects Versions: 1.2.9, 1.2.10
Reporter: Tim Schwallie
Labels: security
Fix For: 1.2 Maintenance Release

Per our PCI/Risk exposure reviewer, the ado.net appender in log4net is a risk. Essentially, if somebody can gain access to the config file, they can change the config file to run any query via an error. Obviously, there's a bigger concern if somebody can change a config file. The reviewer felt that with log4net being a popular tool this was a high risk because of how easy it would be for an attacker to change it.

Other logging tools make a call to a hard-coded stored procedure to log to a database. If the ado.net appender could be changed to call a fixed stored procedure and perhaps pass parameters with some fixed and maybe a concatenated string for a variable number of parameters, the risk would probably be removed. The SP would be responsible for working with the concatenated string. A formatter may be the way to go to make the concatenated string.

--
This message was sent by Atlassian JIRA
(v6.1#6144)

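The programmatic configuration suggested in the comment above, combined with the reporter's fixed-stored-procedure idea, as an added C# example that is not part of the original messages or the log4net project. The procedure name dbo.usp_WriteLog, the LOG_DB_CONNECTION environment variable and the class name FixedProcedureLogging are assumptions.

```csharp
// Added example, not log4net project code. Hypothetical names:
// dbo.usp_WriteLog, LOG_DB_CONNECTION, FixedProcedureLogging.
using System;
using System.Data;
using log4net.Appender;
using log4net.Config;
using log4net.Layout;

public static class FixedProcedureLogging
{
    // Compiled in: editing the .config file cannot change the statement that runs.
    private const string LogProcedure = "dbo.usp_WriteLog";

    public static void Configure()
    {
        // Assumption: the connection string is supplied outside the config file and
        // names a login that only has EXECUTE permission on the logging procedure.
        string conn = Environment.GetEnvironmentVariable("LOG_DB_CONNECTION");
        if (string.IsNullOrEmpty(conn))
            throw new InvalidOperationException("LOG_DB_CONNECTION is not set");

        var appender = new AdoNetAppender
        {
            Name = "FixedProcedureAppender",
            ConnectionType = "System.Data.SqlClient.SqlConnection, System.Data",
            ConnectionString = conn,
            CommandType = CommandType.StoredProcedure,
            CommandText = LogProcedure,
            BufferSize = 1
        };

        // Event data reaches the procedure only as typed, size-limited parameters.
        appender.AddParameter(Param("@log_date", DbType.DateTime, 0, new RawTimeStampLayout()));
        appender.AddParameter(Param("@thread", DbType.String, 255, Pattern("%thread")));
        appender.AddParameter(Param("@log_level", DbType.String, 50, Pattern("%level")));
        appender.AddParameter(Param("@logger", DbType.String, 255, Pattern("%logger")));
        appender.AddParameter(Param("@message", DbType.String, 4000, Pattern("%message")));

        appender.ActivateOptions();             // initializes the database connection
        BasicConfigurator.Configure(appender);  // attach to the root logger in code
    }

    private static IRawLayout Pattern(string pattern)
    {
        return new Layout2RawLayoutAdapter(new PatternLayout(pattern));
    }

    private static AdoNetAppenderParameter Param(string name, DbType type, int size, IRawLayout layout)
    {
        return new AdoNetAppenderParameter { ParameterName = name, DbType = type, Size = size, Layout = layout };
    }
}
```

With this in place the application should not also declare an AdoNetAppender in its XML configuration, otherwise the file-controlled commandText path remains available.
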
[jira] [Commented] (LOG4NET-273) AdoNetAppender does not work if you dont copy System.Data.dll
[ https://issues.apache.org/jira/browse/LOG4NET-273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13830183#comment-13830183 ]

Jonathan Choy commented on LOG4NET-273:
---------------------------------------

This reads as: Appender which states its dependency requires its dependency be satisfied. This is noise, not even a wish.

AdoNetAppender does not work if you dont copy System.Data.dll
-------------------------------------------------------------

Key: LOG4NET-273
URL: https://issues.apache.org/jira/browse/LOG4NET-273
Project: Log4net
Issue Type: Wish
Affects Versions: 1.2.10
Environment: Windows 7, .Net 2.0
Reporter: Evald
Priority: Minor
Fix For: 1.2 Maintenance Release

AdoNetAppender does not work if you don't copy System.Data.dll.
log4net writes this line to the output:

log4net:ERROR [AdoNetAppender] Failed to load connection type [System.Data.SqlClient.SqlConnection, System.Data]

If you copy the dll then it begins working.
Here is my config:

    <appender name="SQLAppender" type="log4net.Appender.AdoNetAppender">
      <bufferSize value="1" />
      <connectionType value="System.Data.SqlClient.SqlConnection, System.Data" />
      <connectionString value="Data Source=localhost;initial catalog=testlog4net;integrated security=false;User ID=sa;Password=mypassword" />
      <commandText value="INSERT INTO testlog4net.dbo.Log ([Date],[Thread],[LevelName],[Logger],[Message]) VALUES (@log_date, @thread, @log_level, @logger, @message)" />
      <parameter>
        <parameterName value="@log_date" />
        <dbType value="Datetime" />
        <layout type="log4net.Layout.PatternLayout" value="%date{'-'MM'-'dd HH':'mm':'ss'.'fff}" />
      </parameter>
      <parameter>
        <parameterName value="@thread" />
        <dbType value="String" />
        <size value="255" />
        <layout type="log4net.Layout.PatternLayout" value="%thread" />
      </parameter>
      <parameter>
        <parameterName value="@log_level" />
        <dbType value="String" />
        <size value="50" />
        <layout type="log4net.Layout.PatternLayout" value="%level" />
      </parameter>
      <parameter>
        <parameterName value="@logger" />
        <dbType value="String" />
        <size value="255" />
        <layout type="log4net.Layout.PatternLayout" value="%logger" />
      </parameter>
      <parameter>
        <parameterName value="@message" />
        <dbType value="String" />
        <size value="4000" />
        <layout type="log4net.Layout.PatternLayout" value="%message" />
      </parameter>
    </appender>

Thank you
Regards

--
This message was sent by Atlassian JIRA
(v6.1#6144)