Why can't untrusted code change the log level under Java Logging?
Posted
by cdmckay
on Stack Overflow
See other posts from Stack Overflow
or by cdmckay
Published on 2010-03-16T22:07:06Z
Indexed on
2010/03/16
22:11 UTC
Read the original article
Hit count: 268
I'm have a Java app that also runs as an applet. The app also happens to use a library called BasicPlayer to play .ogg files. BasicPlayer has a built-in logger that uses Apache Logging Commons to create a logger for BasicPlayer.class using the built-in Java logger. The only way that I know about to turn off the BasicPlayer logging is to run this code:
Logger.getLogger(BasicPlayer.class.getName()).setLevel(Level.OFF);
This works fine when running as a regular app. However, when running as an applet, this code will throw a SecurityException because for some reason applets can't change the log level of non-anonymous loggers (see here for a sorta-explanation).
Why would they do this? Who cares if an applet changes the log level?
© Stack Overflow or respective owner