Let's have a class, which is able to log it's operations to a trace file. This trace file might include sensitive data (like usernames or hostnames).
Tracing can be enabled in code like this:
MyClass instance = new MyClass();
// turn on tracing for this instance
instance.LogWriter = new FileLogWriter("path_to_trace_file");
It should also be possible to enable tracing by editing the configuration file like this:
<myComponent>
<logWriter name="FileLogWriter">
<param name="File" value="path_to_trace_file"/>
</logWriter>
</myComponent>
Should developer who is using the class be required to explicitly allow turning tracing on in the config file?
Option 1: Enabling tracing in config should be possible by default
If developer does nothing the tracing can be turned on by editing configuration file.
- good: Diagnostic can be turned on by admin even if developer did not think about it.
- bad: User/admin can turn on tracing and easily get access to sensitive data. (Malicious user would be able to get those data even without tracing but would require more advanced tools like using a packet capture software or attaching a debugger to a running process. Disabled tracing would only make it harder)
- bad: component must read configuration file every time, which can scare paranoid devs/admins.
Option 2: Developer must allow turning tracing on in config
By default the logWriter section in config file is ignored. Developer have to either enable it from code:
instance.LogWriter = LogWriterHelper.ReadFromConfig()
or by setting an assembly level attribute:
[assembly: Component.Configuration.XmlLogWriterConfigurator(Watch = true)]
- bad: Admin will not be able to get a trace from a file when developer is not available.
- bad: A bit more work for turning tracing on.
- good: Tracing can be turned on/off per class instance.
- good: Tracing can be still turned on for all instances in the assembly.
- good: Class reads configuration file only when developer explicitly requests it.
What do you think? Which of those two options are better?