httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [PATCH] mod_log_forensic security considerations
Date Thu, 07 Jun 2012 01:15:38 GMT
On Wed, Jun 6, 2012 at 3:49 PM, Joe Schaefer <joe_schaefer@yahoo.com> wrote:
> Session cookies sometimes pose a security risk as well.

Yeah.  That could be any cookie though although there are a few very
common defaults :(  My guess is that cookie values are more useful for
debugging crashes than Authorization headers, but that it should still
be opt-in.

Thoughts, anyone?

>
>
>
> ----- Original Message -----
>> From: Jeff Trawick <trawick@gmail.com>
>> To: docs@httpd.apache.org; dev@httpd.apache.org
>> Cc:
>> Sent: Wednesday, June 6, 2012 3:46 PM
>> Subject: Re: [PATCH] mod_log_forensic security considerations
>>
>> On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf <d.s@daniel.shahaf.name>
>> wrote:
>>>  https://blogs.apache.org/infra/entry/apache_org_incident_report_for
>>>
>>>  Infra got bit by mod_log_forensic logs including Authorization headers
>>>  and being world-readable, so in an effort to save someone else from
>>>  repeating this mistake how about adding it to the "Security
>>>  considerations" section of the documentation:
>>>
>>>  [[[
>>>  Index: docs/manual/mod/mod_log_forensic.xml
>>>  ===================================================================
>>>  --- docs/manual/mod/mod_log_forensic.xml        (revision 1342688)
>>>  +++ docs/manual/mod/mod_log_forensic.xml        (working copy)
>>>  @@ -93,6 +93,10 @@
>>>      document for details on why your security could be compromised
>>>      if the directory where logfiles are stored is writable by
>>>      anyone other than the user that starts the server.</p>
>>>  +    <p>The logfiles may contain sensitive data such as the contents
>> of
>>>  +    <code>Authorization:</code> headers (which can contain
>> passwords), so
>>>  +    they should not be readable by anyone except the user that starts the
>>>  +    server.</p>
>>>   </section>
>>>
>>>   <directivesynopsis>
>>>  ]]]
>>>
>>>  Perhaps it would be a useful feature to allow excluding those headers
>>>  from being logged, too.
>>
>> IMO they shouldn't be logged by default (if at all).
>> Proxy-Authorization also needs to be handled.  (Anything else?  My
>> search query foo is particularly bad today.)
>>
>> Attached is a potential code fix...  I guess a directive could be
>> added to allow them to be logged, but when would that be needed?  (A.
>> When the request crashes due to the exact value of one of these
>> headers and the module author needs it for debugging.)
>>
>> --
>> Born in Roswell... married an alien...
>> http://emptyhammock.com/
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: docs-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
> For additional commands, e-mail: docs-help@httpd.apache.org
>



-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message