For performance reasons, whichever mechanism is used, the application should be coded to first check whether a given level of logging is enabled before constructing the actual log messages.
However, the best way to avoid security risk is to have proper coding guidelines in place before the project starts and to enforce them during code review.
It is widely recognized [1] that the cost of detecting and correcting a defect in the coding phase can be five to ten times higher than the cost of doing so during the requirements development phase.