19 Feb 2012, 9:23 a.m.
On Sun, 19 Feb 2012 13:02:01 +0100, Jeroen Massar said:
> Per default most webservers (Apache, nginx, etc.) won't log POST variables; GET variables will be logged (as they are part of the query) but those should not contain any PII.
Right. They shouldn't. But the security mailing lists have lots of counter-examples from clue-challenged web developers. Plan your logging strategy accordingly (is there any safe answer here other than "disable logging" or "log only timestamp and source IP"?)
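An added example, not part of the original message: a Python filter that redacts query-string values in the request field of common/combined-format access log lines before they are stored or shipped, since that field is where GET variables end up. The function names, the `keep_keys` allow-list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Request field of a common/combined log line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"'
)

def redact_target(target, keep_keys=frozenset()):
    """Replace each query-string value with REDACTED unless its key is allow-listed."""
    parts = urlsplit(target)
    if not parts.query:
        return target  # nothing after '?', e.g. a POST whose data is in the body
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, v if k in keep_keys else "REDACTED") for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))

def redact_line(line, keep_keys=frozenset()):
    """Rewrite only the request field; IP, timestamp, status and size are untouched.

    The Referer field of the combined format can also carry a query string;
    it is not handled here.
    """
    def _sub(m):
        target = redact_target(m["target"], keep_keys)
        return '"%s %s %s"' % (m["method"], target, m["proto"])
    return REQUEST_RE.sub(_sub, line, count=1)

# Constructed sample lines (documentation IP range, made-up paths and values).
SAMPLE = [
    '192.0.2.10 - - [19/Feb/2012:13:02:01 +0100] '
    '"GET /signup?email=alice%40example.com&page=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [19/Feb/2012:13:02:05 +0100] '
    '"POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        # Keep the non-sensitive 'page' parameter, redact everything else.
        print(redact_line(entry, keep_keys={"page"}))
```

Parameter names stay visible so the log remains useful for debugging; only keys placed in `keep_keys` retain their values.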