防止黑客通过提交crlf字符伪造日志输出,采用统一在logback输出的时候对记录的log输出进行任何crlf字符进行编码,无需针对某一条log输出进行编码输出
--pom依赖
<!-- https://mvnrepository.com/artifact/org.owasp/security-logging-logback -->
<dependency>
<groupId>org.owasp</groupId>
<artifactId>security-logging-logback</artifactId>
<version>1.1.6</version>
</dependency>
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsISPrdEZwZ1Rh5WNXp1bwNjW1ZUba9VZwlHdsATOfd3bkFGazxCMx8VesATMfhHLlN3XnxCMwEzX0xiRGZkRGZ0Xy9GbvNGLpZTY1EmMZVDUSFTU4VFRR9Fd4VGdsYTMfVmepNHLrJXYtJXZ0F2dvwVZnFWbp1zczV2YvJHctM3cv1Ce-cmbw5iM4ITOxM2YyYzMxgTMhNDOxYzXzUTMwcTM0AzLcFTMxIDMy8CXn9Gbi9CXzV2Zh1WavwVbvNmLvR3YxUjL4M3Lc9CX6MHc0RHaiojIsJye.png)
原理:
引用:
https://github.com/javabeanz/owasp-security-logging/wiki/Log-Forging