httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From humbed...@apache.org
Subject svn commit: r1343877 - /httpd/httpd/trunk/docs/manual/mod/mod_log_forensic.xml
Date Tue, 29 May 2012 17:50:40 GMT
Author: humbedooh
Date: Tue May 29 17:50:39 2012
New Revision: 1343877

URL: http://svn.apache.org/viewvc?rev=1343877&view=rev
Log:
Adding some additional security considerations. Thanks to Daniel Shahaf for these pointers.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_log_forensic.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_log_forensic.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_log_forensic.xml?rev=1343877&r1=1343876&r2=1343877&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_log_forensic.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_log_forensic.xml Tue May 29 17:50:39 2012
@@ -93,6 +93,10 @@ version 2.1</compatibility>
     document for details on why your security could be compromised
     if the directory where logfiles are stored is writable by
     anyone other than the user that starts the server.</p>
+    <p>The log files may contain sensitive data such as the contents of 
+    <code>Authorization:</code> headers (which can contain passwords), so
+    they should not be readable by anyone except the user that starts the
+    server.</p>
 </section>
 
 <directivesynopsis>



Mime
View raw message