httpd-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: [PATCH] mod_log_forensic security considerations
Date Fri, 08 Jun 2012 10:13:28 GMT
On 08 Jun 2012, at 12:16 AM, Daniel Ruggeri wrote:

>> I share William's concern that this makes mod_forensic potentially less
>> useful.
>> 
>> Maybe making the forensic log mode 600 by default would be a better 
>> idea?
> 
> Agreed as well. This module isn't enabled by default and is most likely
> to be enabled by a user that knows what they are trying to accomplish.
> To me, a clear and concise security warning in the documentation should
> be all that is needed.
> 
> IMO, having unadulterated logging capability is what makes
> mod_dumpio/mod_log_forensic some of the most useful modules for
> troubleshooting in a proxy/crashing scenario (respectively).

+1.

Regards,
Graham
--

