Re: squid logging full GET URL

From: Evan Champion <[email protected]>
Date: Sun, 22 Jun 1997 11:38:38 -0400

Cord Beermann wrote:
> <IMHO>I think that security hole is the one who wrote the cgi (or
> whatever) which puts passwords on the URL.</IMHO>

I totally agree, but that doesn't change the fact that people still do
it.

> If I produce statistics I strip all data after the ? from the URL.

Yes, but data after the ? is still in the access log. It doesn't really
contribute much to me, and is a big security hole.

Evan
Received on Sun Jun 22 1997 - 08:41:06 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:33 MST