Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
korjik2012-02-24 16:21:37
Nginx
korjik, 2012-02-24 16:21:37

Nginx logs passwords in POST

Hey!

It costs nginx + passenger with default log settings. For some reason, data like this is stored in the logs:

[24/Feb/2012:10:07:59 +0000] "POST /users/authenticate.xml?login= korjik &owner_id=1&password= password HTTP/1.1"

Rummaged Google to get rid of from this. What do you advise?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
V
VBart, 2012-02-24
@VBart

Obviously because the passwords were not passed in the post body, but as uri arguments.

Report
@
@Defined, 2012-02-24
_

It is better to transmit hashed passwords in general, also with a salt inside.

Report
P
pel, 2012-02-24
@pel

Disable logging - an option?
wiki.nginx.org/NginxHttpLogModule#access_log
Or maybe changing the log format will do?
wiki.nginx.org/NginxHttpLogModule#log_format

Similar questions
C
Cyapa2014-11-15 13:59:17
How to fix PHP_SELF (nginx+php-fpm)? 1Reply
A
alexsocute2016-11-14 21:25:42
How to solve such a problem of RTMP video broadcasting? 1Reply
A
Alexander2019-04-12 17:00:25
Where can I get an understanding of nginx+php-fpm+fastcgi interaction? 2Reply
T
Troodi Larson2020-12-25 21:46:06
Proxying an iframe via nginx to edit it via JS? 0Reply
A
Alexander Andreev2019-04-15 11:08:58
How to configure nginx to open a php file when accessing txt? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question