Re: URL coding : ftp passwords in clear!

From: David J N Begley <[email protected]>
Date: Wed, 9 Jul 1997 20:47:04 +1000 (EST)

On Wed, 9 Jul 1997, Leigh Porter wrote:

> I am sure squid could easily filter out ftp://usr:passwd@host.tld and
> not log it.

Actually, I'd rather they be left there - it makes it much easier to pick
out when users are doing "naughty" things (eg., "ftp://warez:"), or if the
logs are required as evidence at any time then "full disclosure" makes
tracking and investigation much, much easier/quicker.

Yes, putting logins/IDs into the URL is dumb; yes, it means you have to
secure the area where the logs are stored. That's life...

Cheers..

dave
Received on Wed Jul 09 1997 - 03:49:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:42 MST