Subject: svn commit: r1343883 -
/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml
Date: Tue, 29 May 2012 18:00:50 -0000
To: cvs@httpd.apache.org
From: humbedooh@apache.org
Message-Id: <20120529180050.1EA2F2388860@eris.apache.org>
Author: humbedooh
Date: Tue May 29 18:00:49 2012
New Revision: 1343883
URL: http://svn.apache.org/viewvc?rev=1343883&view=rev
Log:
Adding some additional security considerations. Thanks to Daniel Shahaf for these pointers.
Modified:
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml?rev=1343883&r1=1343882&r2=1343883&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_forensic.xml Tue May 29 18:00:49 2012
@@ -93,6 +93,10 @@ version 2.1
document for details on why your security could be compromised
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.
+ The log files may contain sensitive data such as the contents of
+ Authorization:
headers (which can contain passwords), so
+ they should not be readable by anyone except the user that starts the
+ server.
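Review bot: The added sentence at the end of this hunk mixes two objects and two permissions in one paragraph without connecting them. The existing warning is about the directory being writable, while the new text is about the log files being readable. Consider saying explicitly whether the read restriction also applies to the directory that holds the files, so the reader ends up with one clear rule for both. The requirement is phrased only as "should not be readable by anyone except the user that starts the server", with no hint of how to check or enforce it. A short pointer to where file permissions for logs are described would make the advice actionable. Since the text says "such as", it would also help to state plainly that Authorization: is one example and not the only sensitive content.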
@@ -136,7 +140,7 @@ version 2.1
Note
When entering a file path on non-Unix platforms, care should be taken
to make sure that only forward slashes are used even though the platform
- may allow the use of back slashes. In general it is a good idea to always
+ may allow the use of back slashes. In general it is a good idea to always
use forward slashes throughout the configuration files.
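Review bot: The removed and added lines in this hunk ("may allow the use of back slashes. In general it is a good idea to always") show no visible difference, so this looks like a whitespace-only change in the Note about path separators. It is unrelated to the security considerations named in the log message. Consider committing it separately or mentioning it in the log, so the revision history for the security text stays easy to audit.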