httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From humbed...@apache.org
Subject svn commit: r1343883 - /httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml
Date Tue, 29 May 2012 18:00:50 GMT
Author: humbedooh
Date: Tue May 29 18:00:49 2012
New Revision: 1343883

URL: http://svn.apache.org/viewvc?rev=1343883&view=rev
Log:
Adding some additional security considerations. Thanks to Daniel Shahaf for these pointers.

Modified:
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml?rev=1343883&r1=1343882&r2=1343883&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml Tue May 29 18:00:49 2012
@@ -93,6 +93,10 @@ version 2.1</compatibility>
     document for details on why your security could be compromised
     if the directory where logfiles are stored is writable by
     anyone other than the user that starts the server.</p>
+    <p>The log files may contain sensitive data such as the contents of 
+    <code>Authorization:</code> headers (which can contain passwords), so
+    they should not be readable by anyone except the user that starts the
+    server.</p>
 </section>
 
 <directivesynopsis>
@@ -136,7 +140,7 @@ version 2.1</compatibility>
       <note><title>Note</title>
         <p>When entering a file path on non-Unix platforms, care should be taken
         to make sure that only forward slashes are used even though the platform
-        may allow the use of back slashes. In general it is a good idea to always 
+        may allow the use of back slashes. In general it is a good idea to always
         use forward slashes throughout the configuration files.</p>
       </note></dd>
     </dl>



Mime
View raw message