Mailing List Archive

>
> Currently httpd only logs any username for protected documents. How do folks
> feel about my changing this so that it logs any remote username sent by the
> client (as part of authentication data), even if the document being
> accessed was not protected?
>
> I've found another bug in the handling of the user information, and it might
> be convenient to change the logging in the manner I described.

Can this be addressed with other custom logging related things.
If we can add custom logging, this sort of thing will just fall out
if it.
I'm not interested in user names in my logfile, so a single patch to
add that wouldn't be of use to many people.

rob

On Tue, 4 Apr 1995, David Robinson wrote:
> Currently httpd only logs any username for protected documents. How do folks
> feel about my changing this so that it logs any remote username sent by the
> client (as part of authentication data), even if the document being
> accessed was not protected?
>
> I've found another bug in the handling of the user information, and it might
> be convenient to change the logging in the manner I described.

It should only record it for protected documents. Some browsers are
"promiscuous" and send authentication info even for resources not under
authentication, and that behavior shouldn't be rewarded or recognized.
Besides, when I was learning how to set up access control it was a very
good way to know I was doing things right - adding ambiguity there would
have been confusing.

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/