Re: username logging

From: Duane Wessels <wessels@dont-contact.us>
Date: Tue, 7 Nov 2000 15:01:01 -0700 (MST)

On Wed, 8 Nov 2000, Robert Collins wrote:

> Just a quick question: why is the username rfc 1728 escaped?
>
> With NTLM we have valid usernames of the form domain\username. which become
> domain\%5c username. The only reason I can see for escaping the username is
> if users are going to view the log file directly in a web browser... and
> then it should be html quoting not rfc1738 escaping (which is for URI's)...
>
> If log analyzers show that field it's up to them to present the data safely
> escaped for their media - if we escape for html but the are showing display
> postscript without escaping the content, there's no guarantee that a
> security issue won't occur. So I don't see any reason for squid to escape
> the text when it writes the log.

some people have usernames with whitespace in them. If you put such a
name in access.log, it screws up parsing because parsers split fields
on whitespace.
Received on Tue Nov 07 2000 - 15:01:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:56 MST