Matus UHLAR - fantomas wrote:
>> On Mon, 17 Mar 2008 11:31:39 +0000
>> "Robin Clayton" <twinturbo@f2s.com> wrote:
>>> 2.5-Stable-5
>>>
>>> I have used squid for probably 8 years.
>
> We see :)
>
>>> It has recently come to my attention that sites with dynamic content
>>> as denoted by a ? "question mark" are not being logged or blocked.
>>>
>>> so for example searches on google do not show the full URL.
>
> On 18.03.08 13:07, RW wrote:
>> I don't know much about 2.5 but in up-to-date versions, logging of query
>> urls is governed by "strip_query_terms". By default it's on to avoid
>> logging things like session IDs.
>
> it's called privacy :)
It's called philanthropy: protecting idiots against themselves at ones
own cost.
No webmaster with any serious intentions of privacy publishes the
SESSION-IDs in visible URI. The sensible ones use session cookies,
nicely hidden from script-kiddies eyes, easily removed by
security-conscious users, and not getting in the way of smart users
direct-linking.
Amos
-- Please use Squid 2.6STABLE17+ or 3.0STABLE1+ There are serious security advisories out on all earlier releases.Received on Wed Mar 19 2008 - 05:51:20 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT