Hi, Thomas Thurman wrote: > > On Tue, 12 Mar 2002, Ralf Dreibrodt wrote: > > tail -n 1 /var/log/apache/access.log > > 127.0.0.1 - - [12/Mar/2002:13:53:15 +0100] "GET > > /cgi-bin/login.pl?user=admin&password=tztztz HTTP/1.1" 200 148 > > > > to whom belongs this problem? > > > > the programmer, who used GET for a login or the sysadmin who shows every > > ordinary user the GET-request? > > The programmer. There's no reason I know why the logs shouldn't be made > public to the users.
What about session-ids? Should really be every request a POST-request? I do not think, that this is a good (html)programming style, but perhaps i am wrong. what about apache-ssl-logs? has anyone the possibility to test it? > > btw, i think the apache-paket is not useable for a webhosting-server > > (e.g frontpage is missing, security is in general too bad), so i normaly > > do not use it. > > Meep. You said frontpage. well, german customers/endusers want to have frontpage, the big companys (schlund, strato, etc.) offer frontpage, so every small webhostingcompany has to do the same...unfortunalety. bye, Ralf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
