Why can't untrusted code change the log level under Java Logging?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by cdmckay on Stack Overflow See other posts from Stack Overflow or by cdmckay
Published on 2010-03-16T22:07:06Z Indexed on 2010/03/16 22:11 UTC
Read the original article Hit count: 261

Filed under:
|
|
|
|

I'm have a Java app that also runs as an applet. The app also happens to use a library called BasicPlayer to play .ogg files. BasicPlayer has a built-in logger that uses Apache Logging Commons to create a logger for BasicPlayer.class using the built-in Java logger. The only way that I know about to turn off the BasicPlayer logging is to run this code:

Logger.getLogger(BasicPlayer.class.getName()).setLevel(Level.OFF);

This works fine when running as a regular app. However, when running as an applet, this code will throw a SecurityException because for some reason applets can't change the log level of non-anonymous loggers (see here for a sorta-explanation).

Why would they do this? Who cares if an applet changes the log level?

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about java

Related posts about logging

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle