tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52184] Reduce log level for invalid cookies
Date Fri, 18 Nov 2011 17:16:46 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52184

--- Comment #2 from Filip Hanik <fhanik@apache.org> 2011-11-18 17:16:46 UTC ---
I'd keep this open. As asking user to change their log level to avoid filling
up their disks for invalid HTTP cookies is pretty much asking every admin to by
default change the log level for a logger they've never heard of to avoid a DoS
attack.

It's pretty much common sense. It's not an error in Tomcat, it's an invalid
cookie. The logging of it, who does it benefit, the one admin that is looking
for it, or the thousand admins getting invalid cookies?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message