On 6/8/2012 12:52 PM, Jim Riggs wrote:
> Having the forensic logs available has proven extremely helpful in this
> scenario. Might the full, unfiltered forensic data be valuable? Yes, but I
> don't believe the security risk is worth it in my situation. The rare case
> where an Authorization header might be truly useful for debugging or RCA is
> vastly overshadowed by the usefulness of the rest of the request information
> stored in the forensic log.
I'd think this use case represents the minority - seems to me that since the module already supports writing to a pipe, a simple run through sed or perl -p -e should be enough for those who would like to run this in production all the time.

If a code change is really what the community thinks is needed, it should become an optional parameter disabled by default. Should we run down that path, it becomes an exercise in figuring out how we give the administrator the option of disabling certain headers from being printed with the flexibility for that administrator to define a match that can suit every need (headers of various names and cookies of various names being the more recently discussed items).

-- 
Daniel Ruggeri
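The pipe-and-filter approach described above, as an added example that is not part of this thread or of mod_log_forensic itself. It uses awk rather than sed so header-name matching is case-insensitive on any POSIX system, relies on the documented forensic line layout (`+ID|request-line|Header:value|...`, with `|`, `:` and `%` percent-escaped inside fields), and the install path in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: redact sensitive header values from mod_log_forensic output
# before it reaches disk, using the module's piped-log support.
# Assumed deployment (path is a placeholder, not a real install location):
#   ForensicLog "|/usr/local/bin/redact-forensic.sh /var/log/apache2/forensic.log"
# A "+" line looks like: +ID|request-line|Header:value|Header:value...
# The module %-escapes '|', ':' and '%' inside names and values, so splitting
# on '|' is safe and the first ':' of a field separates name from value.

# Lower-case header names to redact; extend the alternation as needed.
REDACT_NAMES='authorization|proxy-authorization|cookie'

redact_forensic() {
  awk -F'|' -v OFS='|' -v names="$REDACT_NAMES" '
    substr($0, 1, 1) == "+" {         # "-ID" lines carry no headers; pass through
      for (i = 3; i <= NF; i++) {     # field 1 = +ID, field 2 = request line
        name = $i
        sub(/:.*/, "", name)          # header name is everything before the first ":"
        if (tolower(name) ~ ("^(" names ")$"))
          $i = name ":[REDACTED]"     # keep the name so its presence stays visible
      }
    }
    { print }'
}

# Constructed sample lines (not real traffic); the id is the module's format.
SAMPLE='+yQtJf8CoAB4AAFNXBIEAAAAA|GET /admin HTTP/1.1|Host:example.test|Authorization:Basic dXNlcjpzZWNyZXQ=|Cookie:sid=abc%3a123|User-Agent:curl/8.0
-yQtJf8CoAB4AAFNXBIEAAAAA'

if [ "$#" -gt 0 ]; then
  redact_forensic >> "$1"             # piped-log mode: filter stdin into the destination
else
  printf '%s\n' "$SAMPLE" | redact_forensic
fi
```

Without an argument the script filters the embedded sample so the redaction can be checked before wiring it into `ForensicLog`.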
