Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: A rare, insidious logfile parsing pitfall

by echo (Pilgrim)
on Oct 27, 2001 at 14:57 UTC ( #121739=note: print w/replies, xml ) Need Help??


in reply to A rare, insidious logfile parsing pitfall

I've been using user names with embedded spaces for a long time now. You're quoting RFC 1945 which has been obsoleted twice, the latest is RFC 2616, I haven't checked whether it changes the rules though. I'm not sure it matters much, because Apache does not escape anything when writing to the logs, there's no untaiting of user supplied fields such as the request URI, the Referer header or the User Agent header. It's been known for quite a while that these can fool a human reading the logs from a shell with 'cat' or 'tail', e.g. disrupting display by embedding VT control sequences in one of those fields.
Anyone thinking such a log can be parsed with regexps is in for a surprise... Recently the Apache dev list has discussed the possibility of providing a switch that would properly escape fields written to the log.
  • Comment on Re: A rare, insidious logfile parsing pitfall

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://121739]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2019-04-20 02:13 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I am most likely to install a new module from CPAN if:
















    Results (108 votes). Check out past polls.

    Notices?
    • (Sep 10, 2018 at 22:53 UTC) Welcome new users!