----- Original Message ----- > From: Daniel Gruno <rum...@cord.dk> > To: dev@httpd.apache.org > Cc: > Sent: Friday, June 8, 2012 6:24 AM > Subject: Re: [PATCH] mod_log_forensic security considerations > > On 06/08/2012 12:13 PM, Graham Leggett wrote: >> On 08 Jun 2012, at 12:16 AM, Daniel Ruggeri wrote: >> >>>> I share Williams concern that this makes mod_forensic potentially > less >>>> useful. >>>> >>>> Maybe making the forensic log mode 600 by default would be a better > >>>> idea? >>> Agreed as well. This module isn't enabled by default and is most > likely >>> to be enabled by a user that knows what they are trying to accomplish. >>> To me, a clear and concise security warning in the documentation should >>> be all that is needed. >>> >>> IMO, having unadulterated logging capability is what makes >>> mod_dumpio/mod_log_forensic some of the most useful modules for >>> troubleshooting in a proxy/crashing scenario (respectively). >> +1. >> >> Regards, >> Graham >> -- >> > +1 to that. We already have the same kind of warnings in place for > people setting up proxies, I see no reason why we can't do the same to > mod_log_forensic. > The module is, as the name says, for forensic logging, so it should be > expected that as much as possible is logged by default, and any special > considerations should be something you could change, but it shouldn't be > the default behaviour to not include this and that because it may be > potentially unsafe. We got bit by it, yes, but that was because we made > the logs available to people, and that's what we should warn about if > anything.
Well not quite, we'd still have had a problem with storing and archiving those logs even if we hadn't made them available to committers, because they violate our password retention policies. > > With regards, > Daniel. >