I'm updating an application to write slightly more verbose errors to the system
Question
I'm updating an application to write slightly more verbose errors to the system log file (in this case, /var/log/apache2/mysite_error_log). I hope that I'm not asking the proverbial stupid question - but are there any potential issues with including user-passed data such as invalid arguments passed to a page in the Apache log file?
The log file is text and read/write to the web server, but I don't want to write potentially harmful text/data that could be exploited if the log file is subsequently opened/read via command line.
Explanation / Answer
Yes. This data should be useful to help debug errors; however, there are at least a few (maybe more) potential security pitfalls to consider:
- Is any of the data privacy sensitive (like social security numbers, passwords, addresses, etc.)? If so, there could be privacy concerns, but most of those concerns should already exist with the website anyway.
- Logging passwords would be exceptionally dangerous as it would be a plain-text storing of the user's password, which is very bad. If an attacker were able to open the log file, he could then look at all passwords entered! On this point, an administrator could also look at the user's password, which is not supposed to happen (because the administrator could then impersonate the user), so I would highly recommend not logging the content of passwords.
- Are the files adequately protected? They should only be accessible by administrators. The system needs to be patched consistently to deter potential attackers from elevating their privilege to root to read the data.
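
One way to prepare request arguments before they are written to the error log, shown as an added example that is not part of the original answer: it redacts sensitive fields and escapes control characters so an entry stays on one line and prints harmlessly in a terminal. The key list, length cap, function names and sample request are assumptions made for illustration, and Python is used only because the page does not name the application's language.

```python
import re

# Assumed names of parameters whose values must never reach the log.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "ssn", "address", "token"}
MAX_VALUE_LEN = 200  # assumed cap so one request cannot flood the log

# C0/C1 control characters, DEL, Unicode line separators, quote and backslash.
_UNSAFE = re.compile(r'[\x00-\x1f\x7f-\x9f\u2028\u2029"\\]')


def _escape_char(match):
    """Render one unsafe character as a visible \\xNN or \\uNNNN escape."""
    cp = ord(match.group())
    return "\\x%02x" % cp if cp < 0x100 else "\\u%04x" % cp


def sanitize_for_log(params):
    """Return a single-line, printable rendering of request parameters."""
    parts = []
    for key in sorted(params):
        safe_key = _UNSAFE.sub(_escape_char, str(key)[:MAX_VALUE_LEN])
        if str(key).lower() in SENSITIVE_KEYS:
            rendered = "[REDACTED]"  # never log the value itself
        else:
            value = str(params[key])
            rendered = _UNSAFE.sub(_escape_char, value[:MAX_VALUE_LEN])
            if len(value) > MAX_VALUE_LEN:
                rendered += "...[truncated]"
        parts.append('%s="%s"' % (safe_key, rendered))
    return " ".join(parts)


# Constructed sample request: an embedded line break, a password field,
# and a terminal escape sequence in an otherwise ordinary argument.
SAMPLE = {
    "page": "12\r\n[error] forged entry",
    "password": "hunter2",
    "sort": "\x1b[2Jname",
}

if __name__ == "__main__":
    print("invalid arguments: " + sanitize_for_log(SAMPLE))
```

The file-permission point in the answer still applies: sanitizing the content does not replace restricting who can read the log.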