From: Daniel Gruno Date: Tue, 29 May 2012 18:00:49 +0000 (+0000) Subject: Adding some additional security considerations. Thanks to Daniel Shahaf for these... X-Git-Tag: 2.2.23~170 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bba7e17858c7bf5bd2ee37a2e0ad892904079d8;p=thirdparty%2Fapache%2Fhttpd.git Adding some additional security considerations. Thanks to Daniel Shahaf for these pointers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1343883 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_log_forensic.xml b/docs/manual/mod/mod_log_forensic.xml index ad5831c7a96..5a31fb5c695 100644 --- a/docs/manual/mod/mod_log_forensic.xml +++ b/docs/manual/mod/mod_log_forensic.xml @@ -93,6 +93,10 @@ version 2.1 document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.

+

The log files may contain sensitive data such as the contents of + Authorization: headers (which can contain passwords), so + they should not be readable by anyone except the user that starts the + server.

@@ -136,7 +140,7 @@ version 2.1 Note

When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashes are used even though the platform - may allow the use of back slashes. In general it is a good idea to always + may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.
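Review bot: In the hunk at @@ -93,6 +93,10 @@, the added paragraph says the log files "should not be readable by anyone except the user that starts the server" but does not say how to achieve that, while the context line just above it is about the log directory being writable. Suggest stating that the restriction also applies to the directory that holds the logs and spelling out the expected result (read access for the owning user only), so the reader does not have to infer it. The example names only Authorization: headers; since the wording is "such as", consider naming one more kind of sensitive header so the note is not read as covering passwords alone.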
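Review bot: In the hunk at @@ -136,7 +140,7 @@, the removed and added lines both read "may allow the use of back slashes. In general it is a good idea to always" as shown here, so this looks like a whitespace-only change. It is unrelated to the security considerations named in the commit message; suggest dropping it from this commit or committing it separately, so the documentation change about log file permissions stays easy to review and backport.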