Home page logo

nanog logo nanog mailing list archives

Re: DNS Attacks
From: Valdis.Kletnieks () vt edu
Date: Sun, 19 Feb 2012 09:23:40 -0500

On Sun, 19 Feb 2012 13:02:01 +0100, Jeroen Massar said:

Per default most webservers (Apache, nginx, etc) won't log POST
variables, GET variables will be logged (as they are part of the query)
but those should not contain any PII.

Right. They shouldn't.  But the security mailing lists have lots of
counter-examples from clue-challenged web developers.. Plan your logging
strategy accordingly (is there any safe answer here other than "disable
logging" or "log only timestamp and source IP"?)

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]