[3826] in WWW Security List Archive
Re: web server's security -Reply
daemon@ATHENA.MIT.EDU (Jeremey Barrett)
Tue Dec 17 17:59:35 1996
Date: Tue, 17 Dec 1996 13:19:22 -0800 (PST)
From: Jeremey Barrett <jeremey@veriweb.com>
To: DAVE SANDERS <DSANDERS@fusn.com>
cc: fchen@mpl.UCSD.EDU, www-security@ns2.rutgers.edu
In-Reply-To: <s2b6502e.038@fusn.com>
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 17 Dec 1996, DAVE SANDERS wrote:
> On the second question, my provider offers logging of this information, IF
> it exists. On my logs I don't get any name information. I think it relies
> entirely on the browser end and how the user set it up and whether they
> set it up with a name or email. (Can someone else clarify this?)
>
>> Also: IS there a way to find out who (account name) is using the browser
>> to browse your web page? From the log file of our web server I
>> could only find the machine name/IP address of the client. But
>> is there a way to record the user's name to our log file?
The only way this information can be gained is by running an identd check
(a query to the identd daemon on the _client's_, i.e. browser's, machine)
on the socket connected to the browser. identd is 1) not run by a lot of
people on their machines (Unix), and 2) non-existent on windoze machines.

For the web server to collect this info, it has to connect to the identd
daemon, send a request, and get a reply. This is a performance bottleneck
in general, and since it will likely gain you little information, is
pretty useless IMO.

In Apache, the directive to do identd queries on connections is

    IdentityCheck on

A CGI will receive the remote user's name in the REMOTE_IDENT environment
variable. I dunno if it's logged or not in the standard logs.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer jeremey@veriweb.com
VeriWeb Internet Corp. http://www.veriweb.com/
PGP Key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html
"less is more." -- Mies van der Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
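
The identd round trip described in the message above (connect to the client's identd, send a request, read a reply), as an added example that is not part of the original post. It assumes the RFC 1413 wire format; the function names are made up here, and the reply is treated as untrusted text because whoever runs the remote machine chooses it.

```python
import re
import socket

IDENT_PORT = 113  # RFC 1413 service port

# "<port>, <port> : USERID : <opsys> : <user-id>"  or  "<port>, <port> : ERROR : <type>"
_REPLY = re.compile(
    rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def build_query(browser_port, server_port):
    """Query line: the port on the identd host first, then our own port."""
    return b"%d, %d\r\n" % (browser_port, server_port)


def parse_reply(line, browser_port, server_port):
    """Return a log-safe user id, or None for errors and malformed replies."""
    m = _REPLY.match(line.rstrip(b"\r\n"))
    if not m or (int(m.group(1)), int(m.group(2))) != (browser_port, server_port):
        return None          # garbage, or an answer about some other connection
    if m.group(3) == b"ERROR":
        return None          # e.g. NO-USER, HIDDEN-USER, UNKNOWN-ERROR
    _opsys, sep, user = m.group(4).partition(b":")
    if not sep:
        return None
    user = user.lstrip(b" ")  # simplification: leading spaces are dropped
    # Remote-controlled value: keep printable non-space ASCII only and cap the
    # length, so it cannot inject control characters or extra log fields.
    safe = "".join(chr(b) if 0x21 <= b <= 0x7E else "?" for b in user[:64])
    return safe or None


def ident_lookup(peer_ip, browser_port, server_port, timeout=2.0):
    """One identd round trip; the short timeout bounds the per-request delay."""
    try:
        with socket.create_connection((peer_ip, IDENT_PORT), timeout=timeout) as s:
            s.sendall(build_query(browser_port, server_port))
            reply = s.makefile("rb").readline(1024)  # RFC 1413 lines are <= 1000 bytes
    except OSError:
        return None          # no identd running, filtered port, or timeout
    return parse_reply(reply, browser_port, server_port)
```

Every call to ident_lookup adds a second TCP connection per request, which is the bottleneck the message mentions, and a None result is the normal case for clients that run no identd.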