Jeff Trawick wrote:

what about limiting the number of characters logged and potentially
sent to the client via error-notes?

("%.120s" anyone?)

  Sounds good to me ... are there any debug/trace logs which truncate
output in a similar way that could serve as "best practices" examples?
I fished around a bit for %.[0-9]+s but didn't see anything obvious ...

dunno

Actually, I wonder why this code allows the unexpected script output
to be part of error-notes anyway.  In fact all the uses of
APLOG_TOCLIENT look suspect.  Why should the client be told anything
about the application that handles the request?  The feature
presumably helps CGI developers, but they should be able to check the
error log.

  OK, back from vacation ... I didn't see any other followups on this
so I'll likely just go with your original suggestion and add the string
limit of some modest length like 120 chars.  Sound OK?

Chris.

--
GPG Key ID: 088335A9
GPG Key Fingerprint: 86CD 3297 7493 75BC F820  6715 F54F E648 0883 35A9
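
The "%.120s" idea discussed in this thread, as an added example that is not part of the original messages and is not httpd code: the helper name, the message text and the "[truncated]" marker are assumptions made for illustration. It uses `%.*s` so the precision both caps what reaches the log or error-notes and keeps `snprintf` from reading past a buffer that is not NUL-terminated.

```c
#include <stdio.h>
#include <string.h>

#define SCRIPT_OUTPUT_LOG_MAX 120   /* the "modest length" proposed in the thread */

/*
 * Hypothetical helper: build the error text for unexpected script output.
 * At most SCRIPT_OUTPUT_LOG_MAX bytes of `out` are copied, and `out` does
 * not need to be NUL-terminated because the precision bounds the read.
 * Returns the number of script-output bytes included in `dst`.
 */
static size_t format_script_error(char *dst, size_t dst_len,
                                  const char *out, size_t out_len)
{
    size_t shown = out_len < SCRIPT_OUTPUT_LOG_MAX ? out_len
                                                   : SCRIPT_OUTPUT_LOG_MAX;

    /* Stop at an embedded NUL so `shown` matches what printf really emits. */
    const char *nul = shown ? memchr(out, '\0', shown) : NULL;
    if (nul != NULL)
        shown = (size_t)(nul - out);

    snprintf(dst, dst_len, "unexpected script output: %.*s%s",
             (int)shown, out, shown < out_len ? " [truncated]" : "");
    return shown;
}

int main(void)
{
    char big[4096];                 /* constructed input: oversized script output */
    char msg[256];
    size_t n;

    memset(big, 'A', sizeof big);   /* deliberately no terminating NUL */

    n = format_script_error(msg, sizeof msg, big, sizeof big);
    printf("%zu bytes shown: %s\n", n, msg);

    n = format_script_error(msg, sizeof msg, "oops", 4);
    printf("%zu bytes shown: %s\n", n, msg);
    return 0;
}
```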
