[Koha-bugs] [Bug 6627] [security] insecure file creation
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Dec 23 06:38:53 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6627
--- Comment #6 from Frère Sébastien Marie <semarie-koha at latrappe.fr> 2011-12-23 05:38:53 UTC ---
M. de Rooy, I agreed with you: know who was logged at specific time is
important. It is a security measure (logging auth information).
But, I also agreed with Chris Cormack... It is better to remove file logging
now, and accept a rewrite later.
So, +1 for remove current file logging implementation.
Some elements for secure and useful logging:
- use syslog (but what is the windows compatibility ?)
- use koha logging facility (like for modification of patron, syspref...)
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list