- Article Type: General
- Product: Aleph
- Product Version: 18.01
For some X services such as BOR-AUTH it is mandatory to enter the user password and verification.
But, the verification also appears in the www log file.
This of course is a security problem. The verification should not appear in the log file.
If I do this:
Then I get an error message: "Both Bor_Id and Verification must be supplied"
If I do this then it works:
But the log file stores the verification and this is considered a security breach.
2010-03-17 12:43:42 74  [vrb] server_main: OUT 0.0382 435
2010-03-17 12:44:00 17  [vrb] IN 20100317 124400
ip address: 10.1.234.8 587
X SERVICE: BOR-AUTH
Do not want verification stored in the www_server log file.
Fixed in v.20 by rpc #3339
- Article last edited: 10/8/2013