On 15 Apr 2000, at 10:15, Peter Münster wrote:
If you want to create access statistics, (for example with webalizer) you need to read httpd.access too. I don't see any security hole... (please let me know, if you really find one) Cheers, Peter
Hi, when using webalizer one will very likely create a special user the webalizer scripts are run under. The log files are not kept in a place *any* user has access to, just the statistics can be accessed by the individuals (like having the logs in /var/log/httpd/username and the statistics at ~home/stats). To give access to log files may or may not be security relevant (in your envirenment) in others it may well be. Be also aware that some countries have very strict privacy protection laws that oblige you to take care no unauthorized person has such access to log files, some laws even forbid such access to the user, other laws do not allow the existence of such logfiles at all. mike