httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: proxy logging ftp password
Date Sun, 07 Sep 1997 10:24:59 GMT
No they aren't.  They are owned and only need be writable by the user that
starts Apache, normally root.

In any case, the fact remains that on most systems they are world
readable.

On Sun, 7 Sep 1997, Philip A. Prindeville wrote:

> In my opinion, for what it is worth, yes.  Since the log files are
> owned by the userid of the apache user, they can't really be protected.
> So, they would be easy to get to if the system were compromised or even
> if (god forbid) a Web-hosting company also let users have shell accounts.
> 
> -Philip
> 


Mime
View raw message