As a short-term solution, this is probably adequate, but there's
information loss -- it'd be nice to indicate the original byte sequence
somehow in the log entry by escaping characters so that log analysis
tools could detect such attacks, etc.

Perhaps the right answer is to log the URI with proper URL-encoding, so
that it would be logged as %1B instead of the literal byte.


On 9/9/10 8:18 AM, Gustaf Neumann wrote:
>
> I have just now committed a quick fix for the problem into
> aolserver/nslog/nslog.c
> in the SourceForge module. Please check if this is sufficient in all
> cases.

-- 
Dossy Shiobara              | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70) 
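
The URL-encoding approach suggested above, sketched as an added example; it is not code from nslog.c or from anyone in this thread. The names `log_encode_uri` and `needs_escape` are hypothetical, and the sample URI is constructed. It assumes an existing `%` is passed through unchanged, so a raw 0x1B byte and an already-encoded `%1B` both appear as `%1B` in the log.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes that must never reach a log line verbatim: control bytes (ESC 0x1B,
 * CR, LF, ...), space, DEL and 8-bit bytes, plus the double quote and
 * backslash that delimit or escape fields in common access-log formats. */
static int needs_escape(unsigned char c)
{
    return c < 0x21 || c >= 0x7f || c == '"' || c == '\\';
}

/* Hypothetical helper: copy len bytes of a request URI into dst,
 * percent-encoding unsafe bytes so the original byte value stays visible
 * to log analysis tools. Returns the encoded length (without the NUL),
 * or (size_t)-1 if dst is too small; nothing is silently truncated. */
size_t log_encode_uri(const char *src, size_t len, char *dst, size_t dstsize)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t i, o = 0;

    if (dstsize == 0) return (size_t)-1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = needs_escape(c) ? 3 : 1;

        if (o + need >= dstsize) return (size_t)-1; /* keep room for NUL */
        if (need == 3) {
            dst[o++] = '%';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        } else {
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: ESC sequence, CRLF, a space and an existing %20. */
    const char uri[] = "/a\x1b[31m\r\nb c%20";
    char out[128];

    if (log_encode_uri(uri, sizeof uri - 1, out, sizeof out) != (size_t)-1)
        printf("GET %s\n", out);
    return 0;
}
```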


--
AOLserver - http://www.aolserver.com/
