www_server logs and x-service bor-info requests
- Article Type: General
- Product: Aleph
- Product Version: 18.01
Description:
In the www_server logs we are seeing the bor_id and verification in plain text from x-server requests to bor-info. Is there a way to not log these elements?
/X?op=bor-info...............
Resolution:
The logging of this information is hard-coded into the program and is executed when the www_server is started with the "-v" (verbose) option. When the www_server is restarted with util 3 1, the -v option is automatically invoked. You could edit the proc ($aleph_root/proc/www_server) to eliminate the -v option, but that is likely to turn off a great deal of other logged information that you may find useful. You could experiment with this and see if it is too drastic a change.
However, verification is not checked if you use the default x-server password WWW-X. So, you don't actually need to have people use verification in their requests. The following request works on our v18 server:
http://il-aleph02:8991/X?op=bor-info&bor_id=00000012&library=usm50
If you don't have security concerns, this might work for you. The information would still be logged, but would not be private information.
- Article last edited: 10/8/2013