Too much work... I would have to reinvent the logging system and know ahead of time where I am going to need to see the values of the variables.

If I had to describe the feature i need it would go something like this.

in witango.ini
SENSITIVE_POSTARGS=CARDNUMBER,SSN
SENSITIVE_VARNAMES=CardNumber,SSN

And then the logging system could simply "XXX" the values out or not output the variable at all. Of course the longer the list of sensitive vars the more of a performance hit there would be, So then perhaps the following would be better.

SENSITIVE_VARSUFFIX=NOLOG

This way if I assign to a variable called Local$CardNumber_NoLog it won't show up in the logfile. In the meantime I think I'm going to write a simple perl script to look at every line for the offending vars and postargs.

Perhaps the Witango logging could be piped to a separate process tasked with cleaning up the logfile. and that separate process could be "nicer" than the witango process, so it would not interfere with the rest of the app servers responsibilities.

/John

witango man wrote:

You may also like to use <@logmessage> - I don't know
what the limit on the length of the message is but
it's pretty big - thus you could write out all args
and vars leaving out the sensitive ones...


--- Steve Smith <[EMAIL PROTECTED]> wrote:


Is the logging something that you can turn on after,
to try to reproduce a problem that a user has reported? Or do
you need to be able to go back over the log files after a user has
reported an error.


If it is the former, what I do is to have a
"developer's" taf that allows me to go in and turn debug on and off for the
current user's session. It's not the same as logging, but it has
helped me track down problems by going through and reproducing what the
user did.


If you want more info on this, let me know.

Hope this helps,

Steve Smith

Oakbridge Information Solutions
Office: (519) 624-4388
GTA:    (416) 606-3885
Fax:    (519) 624-3353
Cell:   (416) 606-3885
Email:  [EMAIL PROTECTED]
Web:    http://www.oakbridge.ca

On Wednesday, April 28, 2004, at 03:10 PM, John
McGowan wrote:



That's what I thought.

We typically have the logging set to show actions.


Which takes up a

lot of disk space, but is very helpful in proving


that there was "user

error" in some situations. I'm considering just


shutting down logging

right now. I just know that if I do i'm going to


get a call the next

day asking to investigate a problem that a user


experienced.


/John

Robert Shubert wrote:



I agree that those files are something to


consider. You might want to


think about making a simple BAT that would


zip/encrypt/password the


files each night. They would then be available to


you if you wanted.

The
suggestion of post processing, perhaps with a


regex command is also


valid.
An argument might be made that LogLevel=1 should


not contain

post/search
arguments. I guess the log might still be useful


in the long run for


basic access/error searching.

One thing that I am asking for in the next major


release is an


ERRORSONLY logging class. At first I was thinking


this for the


witangoevents.log file, but I can also see it


useful in the regular

log.
This wouldn't necessarily solve the problem you


brought up, but if the


log contained only error data, it would be much


smaller and more

useful
with the occasional time you needed such data.

Aside from my free-thinking, there are no current


mechanisms with

which
to deal with your problem. I would assign the log


folder to a

non-shared
partition of the server if you can, or off the


server on a machine

with
more security, and less public access.

Robert

-----Original Message-----
From: John McGowan [mailto:[EMAIL PROTECTED]


Sent: Wednesday, April

28, 2004 1:59 PM
To: [EMAIL PROTECTED]
Subject: Witango-Talk: logging and security

Many times we leave Witango logging turned on so


we can debug a

problem after it's been reported by a user. When


that site is one

that does e-commerce, there is a problem. The


Witango log contains

all the post arguments passed in and variable


changes etc... that

data could be sensitive, and not something we


want laying around.


Is there any way to control the witango logging


system to not print

certain post args, and not show the value of


certain variables when

they

change?

Otherwise the only thing i can think of is to run


a program that

processes the logfile after it has been rolled to


stirp out any

patterns

that we don't want in the logfile.

/John




______________________________________________________________________


__
TO UNSUBSCRIBE: Go to


http://www.witango.com/developer/maillist.taf




______________________________________________________________________


__
TO UNSUBSCRIBE: Go to


http://www.witango.com/developer/maillist.taf






_______________________________________________________________________


_
TO UNSUBSCRIBE: Go to


http://www.witango.com/developer/maillist.taf






________________________________________________________________________


TO UNSUBSCRIBE: Go to


http://www.witango.com/developer/maillist.taf





__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover ________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf





________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

Reply via email to