Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
korjik2012-02-24 16:21:37
Nginx
korjik, 2012-02-24 16:21:37

Nginx logs passwords in POST

Hey!

It costs nginx + passenger with default log settings. For some reason, data like this is stored in the logs:

[24/Feb/2012:10:07:59 +0000] "POST /users/authenticate.xml?login= korjik &owner_id=1&password= password HTTP/1.1"

Rummaged Google to get rid of from this. What do you advise?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
V
VBart, 2012-02-24
@VBart

Obviously because the passwords were not passed in the post body, but as uri arguments.

Report
@
@Defined, 2012-02-24
_

It is better to transmit hashed passwords in general, also with a salt inside.

Report
P
pel, 2012-02-24
@pel

Disable logging - an option?
wiki.nginx.org/NginxHttpLogModule#access_log
Or maybe changing the log format will do?
wiki.nginx.org/NginxHttpLogModule#log_format

Similar questions
F
FRANZEE2018-03-28 12:18:31
How to connect HTTPS to NGINX + Gunicorn + Flask? 1Reply
D
Dmitry Sergeev2012-05-04 05:53:41
Is it possible to set a constant $_GET variable in the config without rewrite? 3Reply
M
Mark Rosenthal2015-11-21 13:53:46
Bad request in Nginx? 2Reply
C
codemix2015-11-22 18:39:08
Why install nginx for ghost blog? 2Reply
A
admin4eg2012-05-16 05:06:34
Nginx rewrite subdomains + django? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question