Re: default Apache configuration
Hi,
Thomas Thurman wrote:
>
> On Tue, 12 Mar 2002, Ralf Dreibrodt wrote:
> > tail -n 1 /var/log/apache/access.log
> > 127.0.0.1 - - [12/Mar/2002:13:53:15 +0100] "GET
> > /cgi-bin/login.pl?user=admin&password=tztztz HTTP/1.1" 200 148
> >
> > to whom belongs this problem?
> >
> > the programmer, who used GET for a login or the sysadmin who shows every
> > ordinary user the GET-request?
>
> The programmer. There's no reason I know why the logs shouldn't be made
> public to the users.
What about session-ids?
Should really be every request a POST-request?
I do not think, that this is a good (html)programming style, but perhaps
i am wrong.
what about apache-ssl-logs?
has anyone the possibility to test it?
> > btw, i think the apache-paket is not useable for a webhosting-server
> > (e.g frontpage is missing, security is in general too bad), so i normaly
> > do not use it.
>
> Meep. You said frontpage.
well, german customers/endusers want to have frontpage, the big companys
(schlund, strato, etc.) offer frontpage, so every small
webhostingcompany has to do the same...unfortunalety.
bye,
Ralf
Reply to: