On Sun, 19 Feb 2012 13:02:01 +0100, Jeroen Massar said:

> Per default most webservers (Apache, nginx, etc) won't log POST
> variables, GET variables will be logged (as they are part of the query)
> but those should not contain any PII.

Right. They shouldn't.  But the security mailing lists have lots of
counter-examples from clue-challenged web developers.. Plan your logging
strategy accordingly (is there any safe answer here other than "disable
logging" or "log only timestamp and source IP"?)

Attachment: pgpu0o5DbjTlJ.pgp
Description: PGP signature

Reply via email to