[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Logging of subrequest authorization checks in mod_dav_svn/mod_authz_svn

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sun, 18 Jan 2015 03:48:28 +0000

Ben Reser wrote on Fri, Jan 16, 2015 at 14:09:45 -0800:
> On 1/16/15 11:52 AM, C. Michael Pilato wrote:
> > As for log levels, is there any reason to log the implicit read attempts
> > at a level higher than "debug"? I have no opinion about the log level
> > for the explicit ones.
> I can see some people possibly wanting this information for auditing purposes.
> There may be organizations that have to prove their access rules work and it
> can such logging could be useful for that. But I agree that it should be
> limited to elevated logging levels.

It would be nice if the the logged message should be different in that
case, too. That is: there should be some indication, besides the
different log level, that the subrequest-generated log event is

That is, we don't want this:

[debug] Access denied: /private
[error] Access denied: /private

But this:

[debug] Hiding directory '/private' (Access denied)
[error] Access denied: /private

(Or some other log level instead of "debug" — I haven't thought about
what log level would be appropriate.)

Received on 2015-01-18 04:48:58 CET

This is an archived mail posted to the Subversion Dev mailing list.