Duane Wessels wrote:
> On Wed, 8 Nov 2000, Robert Collins wrote:
>
> > Just a quick question: why is the username rfc 1728 escaped?
> >
> > With NTLM we have valid usernames of the form domain\username. which become
> > domain\%5c username. The only reason I can see for escaping the username is
> > if users are going to view the log file directly in a web browser... and
> > then it should be html quoting not rfc1738 escaping (which is for URI's)...
> >
> > If log analyzers show that field it's up to them to present the data safely
> > escaped for their media - if we escape for html but the are showing display
> > postscript without escaping the content, there's no guarantee that a
> > security issue won't occur. So I don't see any reason for squid to escape
> > the text when it writes the log.
>
> some people have usernames with whitespace in them. If you put such a
> name in access.log, it screws up parsing because parsers split fields
> on whitespace.
Further to that...I'm not sure if squid still does this. I've had my head up my
nethers on other things.
When squid generates a NONE/400 due to (for example) whitespace in the request
URI, the URI gets logged _with_ the space in it. My workaround was to translate
that in the logs as an 0x7f (a clean, 7-bit character that is not LWS, and the
same width as the original) so that I could _see_ that there was whitespace in
the request, but without confusing log-analysers.
D
Received on Tue Nov 07 2000 - 21:07:06 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:56 MST