Re: Log problem with REMOTE_USER containing spaces

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


This is all just my opinion as an individual, but...


On July 17, 2011 15:10 , Tom Browder <tom.browder@xxxxxxxxx> wrote:

In those cases I found that a user tried to enter a $REMOTE_USER name
with spaces (e.g., "Joe Lee") and the resulting log parse bombed
because the log format does not have the %u protected by quotes.



1.  I can put quotes around the "%u" which will work for me, but now I
have to mod the parser to always expect it.
I think this is the correct solution for your case. I think it is very common to customize the log format to meet special needs, and Apache HTTP Server provides ways to do this. As this is a feature of Apache HTTP Server, log parsing software and other tools should support it. 



2.  Should the Apache log format be changed?  Is it a bug, or should
it become a new, named log format?
Why would it be a bug? Apache HTTP Server is logging the correct information. If there is any problem, it is with any assumption that log lines should have space-delimited fields. However, there are already other fields for which this assumption does not hold. 



3.  Can such a user name be filtered by Apache and replace the space
with the http URL space encoding '%20' or '+'?
For URLs, URL encoding is a standard convention that is well understood, supported, and even required by many tools. I cannot think of any similar convention for user names; introducing encoding into the user name field of log entries is not only likely to break many tools, it also violates the principle of least surprise 



4.  Should the auth modules reject such names?
No, if they are valid user names for the authentication method in question, the auth module should accept them. If you do not want to allow spaces in user names, configure your underlying authentication system (LDAP, Kerberos, a MySQL database) to not allow spaces in its user names, and issue new user names to any user that currently has a space in their user name. 


--
  Mark Montague
  mark@xxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux