
    Verification field stored in www_server_4991.log

    • Article Type: General
    • Product: Aleph
    • Product Version: 18.01

    Description:
    Problem:

    For some X services, such as BOR-AUTH, it is mandatory to enter the user password and verification.
    However, the verification is passed in the request URL, so it also appears in the www log file.
    This is a security problem: the verification should not appear in the log file.

    Example:

    If I do this:

    http://il-aleph07:8993/X?op=bor-auth&library=usm50&bor_id=313972002

    Then I get an error message: "Both Bor_Id and Verification must be supplied"


    If I do this then it works:

    http://il-aleph07:8993/X?op=bor-auth&library=usm50&bor_id=313972002&verification=313972002

    But the log file stores the verification and this is considered a security breach.

    2010-03-17 12:43:42 74 [000] [vrb] server_main: OUT 0.0382 435
    2010-03-17 12:44:00 17 [000] [vrb] IN 20100317 124400
    ip address: 10.1.234.8 587
    request: "/X?op=bor-auth&library=usm50&bor_id=313972002&verification=313972002"
    X SERVICE: BOR-AUTH

    The verification should not be stored in the www_server log file.

    Resolution:
    Fixed in v.20 by rpc #3339
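
    The log excerpt above shows the verification value being written in the `request:` line. The following is an added example, not Ex Libris code and not the v.20 fix: a Python sketch that masks `verification=` values in such log lines and reports which `bor_id` values were exposed. The function names, the mask text and the assumption that the log uses the `request: "..."` format shown above are illustrative.

```python
import re

# Parameters treated as secrets. "verification" is the one named in the
# article; add others as needed (assumption).
SENSITIVE_PARAMS = ("verification",)

_names = "|".join(re.escape(p) for p in SENSITIVE_PARAMS)
# name=value preceded by ? or &; the value ends at &, a quote or whitespace.
_SECRET_RE = re.compile(r"([?&](?:" + _names + r")=)([^&\"\s]+)", re.IGNORECASE)
_BOR_ID_RE = re.compile(r"[?&]bor_id=([^&\"\s]*)", re.IGNORECASE)


def redact_line(line, mask="[REDACTED]"):
    """Return (redacted_line, hits) with sensitive values replaced by mask."""
    return _SECRET_RE.subn(lambda m: m.group(1) + mask, line)


def redact_log(lines, mask="[REDACTED]"):
    """Redact every line; also list (line_number, bor_id) for each exposure,
    so the verifications of the affected accounts can be changed."""
    clean, exposed = [], []
    for number, line in enumerate(lines, start=1):
        new_line, hits = redact_line(line, mask)
        clean.append(new_line)
        if hits:
            bor = _BOR_ID_RE.search(line)
            exposed.append((number, bor.group(1) if bor else None))
    return clean, exposed


# Constructed sample: the log excerpt shown in the article.
SAMPLE_LOG = [
    "2010-03-17 12:43:42 74 [000] [vrb] server_main: OUT 0.0382 435",
    "2010-03-17 12:44:00 17 [000] [vrb] IN 20100317 124400",
    "ip address: 10.1.234.8 587",
    'request: "/X?op=bor-auth&library=usm50&bor_id=313972002&verification=313972002"',
    "X SERVICE: BOR-AUTH",
]

if __name__ == "__main__":
    clean, exposed = redact_log(SAMPLE_LOG)
    print("\n".join(clean))
    print("exposed:", exposed)
```

    The match is anchored on the parameter name, so the `bor_id` value is left intact even when it equals the verification, as it does in the article's example.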


    • Article last edited: 10/8/2013