Re: Witango-Talk: logging and security

[John McGowan]

Too much work... I would have to reinvent the logging system and know 
ahead of time where I am going to need to see the values of the variables.

If I had to describe the feature i need it would go something like this.
in witango.ini
SENSITIVE_POSTARGS=CARDNUMBER,SSN
SENSITIVE_VARNAMES=CardNumber,SSN
And then the logging system could simply "XXX" the values out or not 
output the variable at all.  Of course the longer the list of sensitive 
vars the more of a performance hit there would be, So then perhaps the 
following would be better.

SENSITIVE_VARSUFFIX=NOLOG
This way if I assign to a variable called Local$CardNumber_NoLog  it 
won't show up in the logfile.  In the meantime I think I'm going to 
write a simple perl script to look at every line for the offending vars 
and postargs.

Perhaps the Witango logging could be piped to a separate process tasked 
with cleaning up the logfile.  and that separate process could be 
"nicer" than the witango process, so it would not interfere with the 
rest of the app servers responsibilities.

/John
witango man wrote:
You may also like to use <@logmessage> - I don't know
what the limit on the length of the message is but
it's pretty big - thus you could write out all args
and vars leaving out the sensitive ones...
--- Steve Smith <[EMAIL PROTECTED]> wrote:
 

Is the logging something that you can turn on after,
to try to  
reproduce a problem that a user has reported? Or do
you need to be able  
to go back over the log files after a user has
reported an error.

If it is the former, what I do is to have a
"developer's" taf that  
allows me to go in and turn debug on and off for the
current user's  
session. It's not the same as logging, but it has
helped me track down  
problems by going through and reproducing what the
user did.

If you want more info on this, let me know.
Hope this helps,
Steve Smith
Oakbridge Information Solutions
Office: (519) 624-4388
GTA:    (416) 606-3885
Fax:    (519) 624-3353
Cell:   (416) 606-3885
Email:  [EMAIL PROTECTED]
Web:    http://www.oakbridge.ca
On Wednesday, April 28, 2004, at 03:10 PM, John
McGowan wrote:
   

That's what I thought.
We typically have the logging set to show actions.
     

Which takes up a  
   

lot of disk space, but is very helpful in proving
     

that there was "user  
   

error" in some situations.  I'm considering just
     

shutting down logging  
   

right now.  I just know that if I do i'm going to
     

get a call the next  
   

day asking to investigate a problem that a user
     

experienced.
   

/John
Robert Shubert wrote:
     

I agree that those files are something to
       

consider. You might want to
   

think about making a simple BAT that would
       

zip/encrypt/password the
   

files each night. They would then be available to
       

you if you wanted.  
   

The
suggestion of post processing, perhaps with a
       

regex command is also
   

valid.
An argument might be made that LogLevel=1 should
       

not contain  
   

post/search
arguments. I guess the log might still be useful
       

in the long run for
   

basic access/error searching.
One thing that I am asking for in the next major
       

release is an
   

ERRORSONLY logging class. At first I was thinking
       

this for the
   

witangoevents.log file, but I can also see it
       

useful in the regular  
   

log.
This wouldn't necessarily solve the problem you
       

brought up, but if the
   

log contained only error data, it would be much
       

smaller and more  
   

useful
with the occasional time you needed such data.
Aside from my free-thinking, there are no current
       

mechanisms with  
   

which
to deal with your problem. I would assign the log
       

folder to a  
   

non-shared
partition of the server if you can, or off the
       

server on a machine  
   

with
more security, and less public access.
Robert
-----Original Message-----
From: John McGowan [mailto:[EMAIL PROTECTED]
       

Sent: Wednesday, April  
   

28, 2004 1:59 PM
To: [EMAIL PROTECTED]
Subject: Witango-Talk: logging and security
Many times we leave Witango logging turned on so
       

we can debug a  
   

problem after it's been reported by a user.  When
       

that site is one  
   

that does e-commerce, there is a problem.  The
       

Witango log contains  
   

all the post arguments passed in and variable
       

changes etc... that  
   

data could be sensitive, and not something we
       

want laying around.
   

Is there any way to control the witango logging
       

system to not print  
   

certain post args, and not show the value of
       

certain variables when  
   

they
change?
Otherwise the only thing i can think of is to run
       

a program that  
   

processes the logfile after it has been rolled to
       

stirp out any  
   

patterns
that we don't want in the logfile.
/John
       

______________________________________________________________________
 

__
TO UNSUBSCRIBE: Go to
       

http://www.witango.com/developer/maillist.taf
   

       

______________________________________________________________________
 

__
TO UNSUBSCRIBE: Go to
       

http://www.witango.com/developer/maillist.taf
   

       

     

_______________________________________________________________________
 

_
TO UNSUBSCRIBE: Go to
     

http://www.witango.com/developer/maillist.taf
   

     

   

________________________________________________________________________
 

TO UNSUBSCRIBE: Go to
   

http://www.witango.com/developer/maillist.taf

	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

 

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf