httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Schaefer <joe_schae...@yahoo.com>
Subject Re: [PATCH] mod_log_forensic security considerations
Date Fri, 08 Jun 2012 17:22:08 GMT
For several years Graham those logs were rather valuable
in tracking down segfaulting svn requests.  Security releases
were made as a result of some of those reports to the 

Subversion project.



----- Original Message -----
> From: Graham Leggett <minfrin@sharp.fm>
> To: dev@httpd.apache.org
> Cc: 
> Sent: Friday, June 8, 2012 12:51 PM
> Subject: Re: [PATCH] mod_log_forensic security considerations
> 
> On 08 Jun 2012, at 5:45 PM, Joe Schaefer wrote:
> 
>>  Well not quite, we'd still have had a problem with storing and 
> archiving
>>  those logs even if we hadn't made them available to committers, because
>>  they violate our password retention policies.
> 
> Can you clarify if possible what purpose you were trying to solve by enabling 
> the forensic logs?
> 
> Forensic logging is to answer the question "what is going wrong", and 
> shouldn't be enabled under normal operational circumstances unless there is 
> something genuinely going wrong, at which point you record what you need and 
> then switch it off again.
> 
> A forensic log that has had a whole lot of filters applied to it is 
> counterproductive, because the forensic log no longer tells you exactly what is 
> going on, and when you're troubleshooting you need to know precisely that.
> 
> Regards,
> Graham
> --
> 

Mime
View raw message