Ralf Dreibrodt wrote/napisał[a]/schrieb: > Hi, > > i just saw an error on a debian box with apache(-common) 1.3.9-13.2: > > drwxr-xr-x 14 root root 4096 Dec 7 13:52 /var > drwxr-xr-x 6 root root 4096 Mar 11 06:30 /var/log > drwxr-xr-x 2 root root 4096 Mar 10 06:25 /var/log/apache > -rw-rw-r-- 1 www-data nogroup 134382 Mar 12 13:45 > /var/log/apache/access.log > > tail -n 1 /var/log/apache/access.log > 127.0.0.1 - - [12/Mar/2002:13:53:15 +0100] "GET > /cgi-bin/login.pl?user=admin&password=tztztz HTTP/1.1" 200 148 > > to whom belongs this problem? > > the programmer, who used GET for a login or the sysadmin who shows every > ordinary user the GET-request?
The programmer. This is a very bad practice, the password also lands in the logs of w3caches along the way, in browser history, etc. Alex -- C _-=-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | * ; (_O : +-------------------------------------------------------------+ --+~| ! &~) ? | Płynąć chcę na Wschód, za Suez, gdzie jest dobrem każde zło | l_|/ A ~-=-~ O| Gdzie przykazań brak dziesięciu, a pić można aż po dno; | | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
