From: Daniel Gruno <humbedooh@apache.org>
Date: Tue, 29 May 2012 17:50:39 +0000 (+0000)
Subject: Adding some additional security considerations. Thanks to Daniel Shahaf for these... 
X-Git-Tag: 2.5.0-alpha~6780
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=348117bc6daec52a70732a75d689b1d131eb88bb;p=thirdparty%2Fapache%2Fhttpd.git

Adding some additional security considerations. Thanks to Daniel Shahaf for these pointers.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1343877 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_log_forensic.xml b/docs/manual/mod/mod_log_forensic.xml
index ab9ac6d69a6..5a31fb5c695 100644
--- a/docs/manual/mod/mod_log_forensic.xml
+++ b/docs/manual/mod/mod_log_forensic.xml
@@ -93,6 +93,10 @@ version 2.1</compatibility>
     document for details on why your security could be compromised
     if the directory where logfiles are stored is writable by
     anyone other than the user that starts the server.</p>
+    <p>The log files may contain sensitive data such as the contents of 
+    <code>Authorization:</code> headers (which can contain passwords), so
+    they should not be readable by anyone except the user that starts the
+    server.</p>
 </section>
 
 <directivesynopsis>