On Tue, 12 Mar 2002, Ralf Dreibrodt wrote: > tail -n 1 /var/log/apache/access.log > 127.0.0.1 - - [12/Mar/2002:13:53:15 +0100] "GET > /cgi-bin/login.pl?user=admin&password=tztztz HTTP/1.1" 200 148 > > to whom belongs this problem? > > the programmer, who used GET for a login or the sysadmin who shows every > ordinary user the GET-request?
The programmer. There's no reason I know why the logs shouldn't be made public to the users. (Though if security was _that_ important for whatever it is that this password is for, it should be using apache-ssl, not apache.) > btw, i think the apache-paket is not useable for a webhosting-server > (e.g frontpage is missing, security is in general too bad), so i normaly > do not use it. Meep. You said frontpage. *hides* T -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
