[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Pathnames in mod_dav_svn log messages (was Re: 1.3 releasenotes)

From: Daniel Rall <dlr_at_finemaltcoding.com>
Date: 2005-09-26 22:46:49 CEST

On Mon, 26 Sep 2005, kfogel@collab.net wrote:

> Greg Hudson <ghudson@MIT.EDU> writes:
> > We can't possibly be the first Apache httpd module to be putting
> > pathnames in log messages, can we? What do other modules do?
>
> That was exactly the question we started out with. Paul Querna said
> he thought they were URI-encoded, but as we discussed, we weren't
> really sure whether that applied to paths so much as URLs. If these
> things were clearly URLs, then it would have been an easy call, but
> they're not (to most people).

I believe it applies to any logged piece of data which can be manipulated
by the client (e.g. the URI, HTTP headers, etc.). As mentioned by Justin,
the URL encoding of such data offers some degree of security in conjunction
with poorly written log parsing/analysis programs, which are often hooked
up to httpd via a pipe.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Sep 26 22:46:26 2005

This is an archived mail posted to the Subversion Dev mailing list.