[nycphp-talk] Is it safe to log unsanitized, unvalidated user-inputted data into a logfile?
Paul A Houle
paul at devonianfarm.com
Sun Apr 5 21:42:28 EDT 2009
Konstantin Rozinov wrote:
> Hey guys,
>
> I have a question about logging messages.
>
> Is it safe to log unsanitized, unvalidated user-inputted data into a logfile?
>
It all depends on how paranoid you are.
Strange text can be toxic to any of the software that processes your
logfiles. For instance, there are some character sequences that can
cause some terminal programs to capture some characters from the screen
and send them back to the command line. Any software that looks at your
log files can potentially have buffer overflows that could be triggered
by them.
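The concern raised in this reply can be handled at write time. The following is an added example, not part of the original post: it escapes control bytes (including the ESC byte that starts terminal escape sequences, and CR/LF that would forge extra log lines) and caps the field length before user input reaches the logfile. The function name `log_safe`, the log format and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). log_safe() and the sample
// values below are hypothetical and constructed for illustration.

/**
 * Make an untrusted string safe to embed in a one-line, quoted log field.
 * Every byte outside printable ASCII becomes \xNN; backslash and double
 * quote are escaped too, so the encoding stays unambiguous and reversible.
 */
function log_safe(string $value, int $maxLen = 256): string
{
    // Bound the field so downstream log readers never see huge tokens.
    $truncated = strlen($value) > $maxLen;
    $value = substr($value, 0, $maxLen);

    // Allowed as-is: 0x20-0x7E except '"' (0x22) and '\' (0x5C).
    // No /u flag: the pattern works byte by byte, so invalid UTF-8,
    // C0 controls (ESC, CR, LF, NUL), DEL and 8-bit C1 bytes are all caught.
    $escaped = preg_replace_callback(
        '/[^\x20\x21\x23-\x5B\x5D-\x7E]/',
        static fn(array $m): string =>
            $m[0] === '\\' ? '\\\\' : sprintf('\\x%02X', ord($m[0])),
        $value
    );

    return $escaped . ($truncated ? '...[truncated]' : '');
}

/** Build one log line; the untrusted value is always escaped and quoted. */
function format_login_failure(string $user): string
{
    return sprintf("%s login failed user=\"%s\"\n", date('c'), log_safe($user));
}

// Constructed hostile input: a forged second log line plus a terminal
// escape sequence (ESC [ 2 J, "clear screen").
$user = "bob\r\n2009-04-05 21:42:28 login ok user=\"admin\"\x1b[2J";

// Written to stdout here; a real logger would append to its logfile, e.g.
// file_put_contents($path, $line, FILE_APPEND | LOCK_EX).
echo format_login_failure($user);
```

Escaping at write time protects every later reader of the file, whether a terminal, a pager or a parser. The length cap only bounds what a fragile log reader has to handle; it does not fix that reader.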