httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <rum...@cord.dk>
Subject Re: [PATCH] mod_log_forensic security considerations
Date Fri, 08 Jun 2012 15:55:11 GMT
On 06/08/2012 05:45 PM, Joe Schaefer wrote:
> Well not quite, we'd still have had a problem with storing and
> archiving those logs even if we hadn't made them available to
> committers, because they violate our password retention policies.

My point was, that it should fall upon us to add a filter if we want to
archive our logs with certain forensic details omitted, and not be a
default assumption that people want forensic logs but not this, this and
that stored.

Thus, I'd be more in favor of either piping it through a filter or
adding something like ForensicLogFilter option [,option...]

With regards,
Daniel.

Mime
View raw message