Logging Mechanism
The event log mechanism uses a separate PostgreSQL database to make it more difficult to attack. Only stored procedures that read or add logs are available; it isn't possible to erase logs because the script user only has permission to execute stored procedures. The script user gains the privileges of the creator of the functions (stored procedures) only within the scope of the functions (using the clause "EXTERNAL SECURITY DEFINER;"). The user who created the stored procedures only has permission to insert, select, and create functions, so even if a stored procedure is somehow attacked, or if the script user account is compromised, the attacker won't be able to erase the logs.

Logging Levels
We defined 5 levels:

    LOG_NONE = 0
    LOG_NORMAL_EVENT = 1
    LOG_USER_INTERFACE = 2
    LOG_DB_COMMUNICATION_ERROR = 3
    LOG_REASSURE_INTERNALS = 4

- LOG_NONE. Essentially a NULL operation.
- LOG_NORMAL_EVENT. Used for logging normal operation of ReAssure (experiments started, ended, etc.).
- LOG_USER_INTERFACE. Used for logging input validation or authentication failures. The idea is to log any denied user action at this level.
- LOG_DB_COMMUNICATION_ERROR. Used when one part of ReAssure can't communicate with another, such as the database, LDAP server, image server, etc.
- LOG_REASSURE_INTERNALS. This is to log events (exceptions) that were unexpected during the design of the software.
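
The permission model described at the top of this section, sketched as PostgreSQL DDL. This is an added example, not ReAssure's own schema: every role, schema, table and function name is hypothetical, and the level check assumes the five values 0 to 4 listed above.

```sql
-- Constructed example; every role, schema, table and function name is hypothetical.
-- Run as a superuser in the dedicated logging database (PostgreSQL 10 or later).
CREATE ROLE log_definer NOLOGIN;   -- creates and owns the stored procedures
CREATE ROLE script_user LOGIN;     -- account the scripts connect with

CREATE SCHEMA logging;
CREATE TABLE logging.event_log (   -- owned by the administrator, not by log_definer
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    logged_at timestamptz NOT NULL DEFAULT now(),
    level     integer NOT NULL CHECK (level BETWEEN 0 AND 4),
    message   text NOT NULL
);

-- The function creator gets insert, select and create-function rights only.
GRANT USAGE, CREATE ON SCHEMA logging TO log_definer;
GRANT INSERT, SELECT ON logging.event_log TO log_definer;
GRANT USAGE ON SCHEMA logging TO script_user;

SET ROLE log_definer;
CREATE FUNCTION logging.add_log(p_level integer, p_message text)
RETURNS void LANGUAGE sql
EXTERNAL SECURITY DEFINER
SET search_path = logging, pg_temp   -- pin name resolution inside the definer context
AS $$ INSERT INTO logging.event_log (level, message) VALUES (p_level, p_message); $$;

CREATE FUNCTION logging.read_logs(p_min_level integer)
RETURNS SETOF logging.event_log LANGUAGE sql STABLE
EXTERNAL SECURITY DEFINER
SET search_path = logging, pg_temp
AS $$ SELECT * FROM logging.event_log WHERE level >= p_min_level ORDER BY id; $$;

-- EXECUTE is granted to PUBLIC by default; restrict it to the script account.
REVOKE ALL ON FUNCTION logging.add_log(integer, text), logging.read_logs(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION logging.add_log(integer, text), logging.read_logs(integer) TO script_user;
RESET ROLE;

-- Audit queries: report whether either role holds a direct or destructive table privilege.
SELECT has_table_privilege('script_user', 'logging.event_log', 'SELECT, INSERT, UPDATE, DELETE, TRUNCATE');
SELECT has_table_privilege('log_definer', 'logging.event_log', 'UPDATE, DELETE, TRUNCATE');
```

The `SET search_path` clause is not mentioned on the page; PostgreSQL's documentation recommends it for SECURITY DEFINER functions so that objects in a caller-controlled schema cannot shadow the ones the function refers to.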
