On Sun, 19 Feb 2012 13:02:01 +0100, Jeroen Massar said: > Per default most webservers (Apache, nginx, etc) won't log POST > variables, GET variables will be logged (as they are part of the query) > but those should not contain any PII.
Right. They shouldn't. But the security mailing lists have lots of counter-examples from clue-challenged web developers.. Plan your logging strategy accordingly (is there any safe answer here other than "disable logging" or "log only timestamp and source IP"?)
pgpu0o5DbjTlJ.pgp
Description: PGP signature