On Tuesday 11 Mar 2003 14:55 pm, Scott Wilhelm wrote: > Why not read the logs via the administrator?
Because Evil Hacker can insert anything they like in them, unless Macromedia have tidied that one up recently. And if I can do that, on IE, I own you ;-) On Netscape/Mozilla it isn't as bad, but I could still perform a cross site scripting attack or something, probably. I've not looked into it very seriously, but it is generally a bad thing to view logs through a web browser, especially if they do silly things like look up domain names from IPs. > How else should I read my logs? I find vi and grep helpful. -- Tom C "Land of the free, home of the brave... you have to be brave to live there and enjoy the freedoms" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
