[3828] in WWW Security List Archive
Re: web server's security
daemon@ATHENA.MIT.EDU (Timothy Kunau)
Tue Dec 17 18:42:31 1996
From: Timothy Kunau <kunau@cray.com>
To: henker@informatik.uni-bremen.de (Steffan Henke)
Date: Tue, 17 Dec 1996 15:48:38 -0600 (CST)
Cc: fchen@mpl.UCSD.EDU, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.LNX.3.95.961217120703.10965B-100000@henker.home.informatik.uni-bremen.de> from "Steffan Henke" at Dec 17, 96 12:09:31 pm
Errors-To: owner-www-security@ns2.rutgers.edu
>
> On Mon, 16 Dec 1996, Hsiufang Chen wrote:
>
> > Also: IS there a way to find out who(account name) is using the brower
> > to brows your web page? From the log file of our web server I
> > could only find the machine name/IP address of the client. But
> > is there a way to record the user's name to our log file?
>
> I do not recommend it, but Apache has an option to log the username. There
> must be an identd running on the client machine so you won't get the user
> names of all the Mac and Win surfers.
> Nonetheless: leave us just a LITTLE anonymity and don't log usernames.
The NCSA daemon (at one point) had an option to perform identd
confimations of user names for logging purposes. Interesting, but
does not work for systems not running something to respond to an identd
request. If it didn't seriously degrade the user's performance - while
they're waiting for an ident response - it might be a good thing. ;-)
Thanks,
Tim
--
-----------------------------------------------------------------------
| Timothy M. Kunau ORACLE and WWW Support |
-----------------------------------------------------------------------
| Email: kunau@cray.com Cray Research - An SGI Company |
| Information Services |
| AT&T: (612)683-3082 655E Lone Oak Drive |
| FAX: (612)683-3099 Eagan, MN 55121 |
-----------------------------------------------------------------------
