Rémy Maucherat wrote:
> Since it's an obvious hacking attempt, I chose to use this method
> instead:
> documentBuilder.setEntityResolver
> (new EntityResolver() {
> public InputSource resolveEntity(String publicId,
> String systemId)
> throws SAXException, IOException {
> return new InputSource(new StringReader(""));
> }
> });
>
> -> no logging, replace with blank text (I was using an ISE right before
> instead of an input source, but there's no real justification)
I don't think no logging for an obvious hacking attempt is a good idea.
I also think that there is a slim chance of a legitimate use of an
entity and in this case the logging gives the administrator a chance
of working out why something isn't working.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
