Re: username logging

From: Robert Collins <robert.collins@dont-contact.us>
Date: Wed, 8 Nov 2000 09:10:25 +1100

Is the character '\' considered whitespace by log analyzers? That's the only
character I'm interested in :-]

Perhaps a variation on the escape function to leave that unescaped?

Rob
----- Original Message -----
From: "Duane Wessels" <wessels@squid-cache.org>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: <squid-dev@squid-cache.org>
Sent: Wednesday, November 08, 2000 9:01 AM
Subject: Re: username logging

> On Wed, 8 Nov 2000, Robert Collins wrote:
>
> > Just a quick question: why is the username rfc 1728 escaped?
> >
> > With NTLM we have valid usernames of the form domain\username. which become
> > domain\%5c username. The only reason I can see for escaping the username is
> > if users are going to view the log file directly in a web browser... and
> > then it should be html quoting not rfc1738 escaping (which is for URI's)...
> >
> > If log analyzers show that field it's up to them to present the data safely
> > escaped for their media - if we escape for html but they are showing display
> > postscript without escaping the content, there's no guarantee that a
> > security issue won't occur. So I don't see any reason for squid to escape
> > the text when it writes the log.
>
> some people have usernames with whitespace in them. If you put such a
> name in access.log, it screws up parsing because parsers split fields
> on whitespace.
>
Received on Tue Nov 07 2000 - 15:04:41 MST
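
The variation discussed in this thread, as an added example that is not Squid's code and not part of either message: an escape routine that percent-encodes only the bytes that break a whitespace-delimited log line (whitespace, control characters including CR/LF, 8-bit bytes, and '%' itself so the encoding stays reversible) and leaves '\' untouched. The names `needs_escape`, `log_escape_username` and `count_fields` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>

/* Hypothetical helper, not Squid's own escape routine. '%' is escaped so the
 * encoding is reversible; <= 0x20 covers space, TAB, CR, LF and other
 * controls; >= 0x7f covers DEL and 8-bit bytes. '\\' passes through. */
static int needs_escape(unsigned char c)
{
    return c == '%' || c <= 0x20 || c >= 0x7f;
}

/* Escape `in` into `out` (capacity outlen, always NUL-terminated).
 * Returns 0 on success, -1 if the result did not fit, in which case the
 * caller should log a placeholder rather than the truncated name. */
int log_escape_username(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    int rc = 0;
    if (outlen == 0)
        return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        size_t need = needs_escape(c) ? 3 : 1;
        if (o + need >= outlen) { rc = -1; break; }
        if (need == 3) {
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return rc;
}

/* Count fields the way a parser that splits on whitespace would. */
int count_fields(const char *line)
{
    int n = 0, in_field = 0;
    for (; *line; line++) {
        int ws = isspace((unsigned char)*line);
        if (!ws && !in_field)
            n++;
        in_field = !ws;
    }
    return n;
}
```

With the constructed input `DOMAIN\john smith` the result is `DOMAIN\john%20smith`, which a whitespace-splitting parser reads as one field, and an embedded newline cannot start a forged log line.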
