Aengus Lawlor wrote:
> I will sometimes set the logging directory into the Virtual Root, so that
> http://virtualserverA.domain.com/W3SVCx/ points at the logs. I then copy
> anlgform.html there, as anlgform.asp, and add the following code:
I just want to point out that putting the logfiles in the webspace _may_ be a
potential security hole. Unless the logs are password protected, it provides any
anonymous web user with access to the data in you logs. In addition to the
general access information, which you may or may not want public, if you are
logging cookie data and allow access to secured parts of your site through
cookies, this opens that hole a lot wider than it was.
We usually setup servers (NT or Unix) for vitual hosts with separate 'web' and
'logs' directories for each virtual host client. e.g. (in NT/IIS style)
inetpub\wwwroot\vhostA\logs (where the logs are stored from IIS MMC)
inetpub\wwwroot\vhostA\web (which is pointed to by www.vhosta.com)
HTH,
Jeremy Wadsack
Wadsack-Allen Digital Group
------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/[email protected]/
------------------------------------------------------------------------
