On Wed, Jun 6, 2012 at 3:49 PM, Joe Schaefer <joe_schaefer@yahoo.com> wrote:
> Session cookies sometimes pose a security risk as well.
Yeah. That could be any cookie though, although there are a few very
common defaults :( My guess is that cookie values are more useful for
debugging crashes than Authorization headers, but that it should still
be opt-in.
Thoughts, anyone?
>
>
>
> ----- Original Message -----
>> From: Jeff Trawick <trawick@gmail.com>
>> To: docs@httpd.apache.org; dev@httpd.apache.org
>> Cc:
>> Sent: Wednesday, June 6, 2012 3:46 PM
>> Subject: Re: [PATCH] mod_log_forensic security considerations
>>
>> On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf <d.s@daniel.shahaf.name>
>> wrote:
>>> https://blogs.apache.org/infra/entry/apache_org_incident_report_for
>>>
>>> Infra got bit by mod_log_forensic logs including Authorization headers
>>> and being world-readable, so in an effort to save someone else from
>>> repeating this mistake how about adding it to the "Security
>>> considerations" section of the documentation:
>>>
>>> [[[
>>> Index: docs/manual/mod/mod_log_forensic.xml
>>> ===================================================================
>>> --- docs/manual/mod/mod_log_forensic.xml (revision 1342688)
>>> +++ docs/manual/mod/mod_log_forensic.xml (working copy)
>>> @@ -93,6 +93,10 @@
>>> document for details on why your security could be compromised
>>> if the directory where logfiles are stored is writable by
>>> anyone other than the user that starts the server.</p>
>>> + <p>The logfiles may contain sensitive data such as the contents
>> of
>>> + <code>Authorization:</code> headers (which can contain
>> passwords), so
>>> + they should not be readable by anyone except the user that starts the
>>> + server.</p>
>>> </section>
>>>
>>> <directivesynopsis>
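Review bot: the added paragraph names only the Authorization header, but the same hunk's "sensitive data" warning should also cover Proxy-Authorization and Cookie, both raised in this thread as carrying credentials; suggest "such as the contents of <code>Authorization:</code>, <code>Proxy-Authorization:</code> and <code>Cookie:</code> headers". The inserted lines have also been re-wrapped by the mail client ("of" and "passwords), so" now sit on their own lines), so the hunk will not apply as quoted; resend the patch as an attachment or with line wrapping disabled.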
>>> ]]]
>>>
>>> Perhaps it would be a useful feature to allow excluding those headers
>>> from being logged, too.
>>
>> IMO they shouldn't be logged by default (if at all).
>> Proxy-Authorization also needs to be handled. (Anything else? My
>> search query foo is particularly bad today.)
>>
>> Attached is a potential code fix... I guess a directive could be
>> added to allow them to be logged, but when would that be needed? (A.
>> When the request crashes due to the exact value of one of these
>> headers and the module author needs it for debugging.)
>>
>> --
>> Born in Roswell... married an alien...
>> http://emptyhammock.com/
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: docs-help@httpd.apache.org
>>
>
--
Born in Roswell... married an alien...
http://emptyhammock.com/
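To make the "don't log credentials unless asked" behaviour discussed in this thread concrete, here is an added example that is not httpd's own code nor the attached patch. It builds a request line in the style of mod_log_forensic (fields separated by '|', headers written as name:value, with '|', ':', '%' and non-printable bytes escaped as %xx) while omitting Authorization, Proxy-Authorization and Cookie by default. The header set, the log_sensitive_headers switch standing in for the opt-in directive Jeff mentions, and the sample request are all assumptions made for the example.

```c
/* Added example, not httpd's own code: a mod_log_forensic-style request
 * line that keeps credential-bearing headers out of the log by default.
 * The sensitive header list and the log_sensitive_headers switch are
 * assumptions standing in for the opt-in directive discussed in the thread. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct header { const char *name; const char *value; };

/* Header names whose values are credentials. Cookie is included because a
 * session cookie is as good as a password; all three stay out of the log
 * unless the operator explicitly opts in. (Assumed set, not httpd's.) */
static const char *const sensitive_headers[] = {
    "Authorization", "Proxy-Authorization", "Cookie", NULL
};

int is_sensitive_header(const char *name)
{
    for (const char *const *p = sensitive_headers; *p; p++)
        if (strcasecmp(name, *p) == 0)   /* header names are case-insensitive */
            return 1;
    return 0;
}

/* Append s to out (capacity cap, current length *len), escaping '|', ':',
 * '%' and non-printables as %xx. Returns 0, or -1 if out is too small. */
static int append_escaped(char *out, size_t cap, size_t *len, const char *s)
{
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c == '|' || c == ':' || c == '%' || !isprint(c)) {
            if (*len + 3 >= cap) return -1;
            *len += (size_t)sprintf(out + *len, "%%%02x", c);
        } else {
            if (*len + 1 >= cap) return -1;
            out[(*len)++] = (char)c;
        }
    }
    out[*len] = '\0';
    return 0;
}

/* Append a single separator character, with the same overflow check. */
static int append_sep(char *out, size_t cap, size_t *len, char sep)
{
    if (*len + 1 >= cap) return -1;
    out[(*len)++] = sep;
    out[*len] = '\0';
    return 0;
}

/* Format "+<id>|<request line>|<name>:<value>|..." into out.
 * Returns the number of headers written, or -1 if out is too small. */
int forensic_request_line(char *out, size_t cap, const char *id,
                          const char *request_line,
                          const struct header *hdrs, size_t nhdrs,
                          int log_sensitive_headers)
{
    size_t len = 0;
    int written = 0;
    if (cap < 2) return -1;
    out[len++] = '+';
    out[len] = '\0';
    if (append_escaped(out, cap, &len, id)) return -1;
    if (append_sep(out, cap, &len, '|')) return -1;
    if (append_escaped(out, cap, &len, request_line)) return -1;
    for (size_t i = 0; i < nhdrs; i++) {
        /* Default: credentials never reach the log file. */
        if (!log_sensitive_headers && is_sensitive_header(hdrs[i].name))
            continue;
        if (append_sep(out, cap, &len, '|')) return -1;
        if (append_escaped(out, cap, &len, hdrs[i].name)) return -1;
        if (append_sep(out, cap, &len, ':')) return -1;
        if (append_escaped(out, cap, &len, hdrs[i].value)) return -1;
        written++;
    }
    return written;
}

int main(void)
{
    /* Constructed request carrying Basic credentials and a session cookie. */
    const struct header hdrs[] = {
        { "Host", "www.example.org" },
        { "Authorization", "Basic dXNlcjpwYXNzd29yZA==" },
        { "Cookie", "JSESSIONID=abc123" },
        { "User-Agent", "curl/7.21.0" },
    };
    char line[512];
    forensic_request_line(line, sizeof line, "yQtJf8CoAB4AAFNXBIEAAAAA",
                          "GET /private/ HTTP/1.1", hdrs, 4, 0);
    puts(line);   /* no Authorization or Cookie field in the output */
    return 0;
}
```

With log_sensitive_headers left at 0 the example logs only Host and User-Agent; passing 1 reproduces the pre-fix behaviour where the Basic credentials land in the file, which is exactly why that file must then be readable by nobody but the server's user.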