Re: Pathnames in mod_dav_svn log messages (was Re: 1.3 releasenotes)

From: Daniel Rall <dlr_at_finemaltcoding.com>
Date: 2005-09-26 22:46:49 CEST

On Mon, 26 Sep 2005, kfogel@collab.net wrote:

> Greg Hudson <ghudson@MIT.EDU> writes:
> > We can't possibly be the first Apache httpd module to be putting
> > pathnames in log messages, can we? What do other modules do?
>
> That was exactly the question we started out with. Paul Querna said
> he thought they were URI-encoded, but as we discussed, we weren't
> really sure whether that applied to paths so much as URLs. If these
> things were clearly URLs, then it would have been an easy call, but
> they're not (to most people).

I believe it applies to any logged piece of data which can be manipulated
by the client (e.g. the URI, HTTP headers, etc.). As mentioned by Justin,
the URL encoding of such data offers some degree of security in conjunction
with poorly written log parsing/analysis programs, which are often hooked
up to httpd via a pipe.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Sep 26 22:46:26 2005

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: svn commit: r16285 - in trunk/subversion: libsvn_ra_svn tests/clients/cmdline"
Previous message: Lieven Govaerts: "RE: Quick question from a new b."
In reply to: kfogel_at_collab.net: "Re: Pathnames in mod_dav_svn log messages (was Re: 1.3 releasenotes)"
Next in thread: kfogel_at_collab.net: "Re: Pathnames in mod_dav_svn log messages (was Re: 1.3 releasenotes)"
Reply: kfogel_at_collab.net: "Re: Pathnames in mod_dav_svn log messages (was Re: 1.3 releasenotes)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]