Note

Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 34CE0C0B7 for ; Tue, 29 May 2012 18:01:11 +0000 (UTC) Received: (qmail 98102 invoked by uid 500); 29 May 2012 18:01:11 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 98046 invoked by uid 500); 29 May 2012 18:01:11 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 98039 invoked by uid 99); 29 May 2012 18:01:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 18:01:10 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 18:01:10 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 1EA2F2388860; Tue, 29 May 2012 18:00:50 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1343883 - /httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml Date: Tue, 29 May 2012 18:00:50 -0000 To: cvs@httpd.apache.org From: humbedooh@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120529180050.1EA2F2388860@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: humbedooh Date: Tue May 29 18:00:49 2012 New Revision: 1343883 URL: http://svn.apache.org/viewvc?rev=1343883&view=rev Log: Adding some additional security considerations. Thanks to Daniel Shahaf for these pointers. Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml?rev=1343883&r1=1343882&r2=1343883&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml Tue May 29 18:00:49 2012 @@ -93,6 +93,10 @@ version 2.1 document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.

The log files may contain sensitive data such as the contents of + Authorization: headers (which can contain passwords), so + they should not be readable by anyone except the user that starts the + server.

@@ -136,7 +140,7 @@ version 2.1 Note

When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashes are used even though the platform - may allow the use of back slashes. In general it is a good idea to always + may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.