[
https://issues.apache.org/jira/browse/OFBIZ-10507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576101#comment-16576101 ]
Michael Brohl commented on OFBIZ-10507:
---------------------------------------
[~deepak.dixit],
the problem I see with with the current logging is that it is logged as an error which leads to massive logging in productive high traffic systems. For debugging it should be fine to log at the INFO level but not ERROR.
I think we should reduce the amount of ERRORS messages in the log to a reasonable amount. Wrong password entries should definetely not go to the logfile.
> LoginServices.userLogin: Respond "fail" instead of "error" to avoid the (automatic service engine) logging of a stack trace on missing/invalid credentials
> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-10507
> URL:
https://issues.apache.org/jira/browse/OFBIZ-10507> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Reporter: Benjamin Jugl
> Assignee: Benjamin Jugl
> Priority: Minor
> Attachments: OFBIZ-10507_org.apache.ofbiz.common.login.LoginServices.patch
>
>
> There are a lot of login-related entries in the logfile, that stem from user related errors (like no or wrong password, user not found and so on). To reduce this, the patch introduces a distinction between ERROR messages and FAIL messages in the Service-Result.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
