[Twisted-Python] Re: [Twisted-commits] log stderr and non-zero exit code in CGIs, don't show info to users as it is a security risk (closes issue #241)

On Thursday, August 28, 2003, at 10:32 AM, itamarst CVS wrote:
log stderr and non-zero exit code in CGIs, don't show info to users as it is a security risk (closes issue #241)
We shouldn't swallow errors in these situations. If it's a security risk, provide a way for the server administrator to turn it off, but this is a _bad_ default.
If you doubt the wisdom of making this default, please consult any number of Perl FAQs of the form:
Q. "I wrote a CGI and it works perfectly, but now I moved it to another server and I get nothing but a "500 Internal Server Error" page. How do I tell what went wrong!?!?!?"
A. Look in your apache logs.
---
Q. "I looked at my apache logs and nothing makes sense! How do I tell what the error was??!"
A. ...
Also, could you clarify the security risk of displaying stderr from CGI scripts? I've never heard of a CGI that puts security-critical information on stderr rather than stdout and makes it a risk to display to users.

On Thu, 28 Aug 2003 19:16:09 -0500 Glyph Lefkowitz glyph@twistedmatrix.com wrote:
Also, could you clarify the security risk of displaying stderr from CGI scripts? I've never heard of a CGI that puts security-critical information on stderr rather than stdout and makes it a risk to display to users.
If it's a python script it's probably going to be a traceback.
Also, I don't care about the Perl FAQ :) If you can't figure out how to read the exact same info out of a logfile, you shouldn't be trying to debug a CGI script.

On Thursday, August 28, 2003, at 07:50 PM, Itamar Shtull-Trauring wrote:
Also, I don't care about the Perl FAQ :) If you can't figure out how to read the exact same info out of a logfile, you shouldn't be trying to debug a CGI script.
Well, I'll defer to a poll, here, if anyone is interested in this issue. In the absence of more than one user's feedback putting it one way or the other, I will revert this change.

On Thu, 28 Aug 2003 19:59:37 -0500 Glyph Lefkowitz glyph@twistedmatrix.com wrote:
Well, I'll defer to a poll, here, if anyone is interested in this issue. In the absence of more than one user's feedback putting it one
way or the other, I will revert this change.
Only revert the removed HTML output - it should be logged to the log file regardless.

Well, thanks to the few users who responded to me privately. The feeling seems to be unanimously in favor of leaving the output on by default: however, there is also widespread agreement that we need a better error-reporting mechanism in general so that we can look at these sorts of things in a persistent manner without grepping through logfiles all the time.
On Thursday, August 28, 2003, at 08:26 PM, Itamar Shtull-Trauring wrote:
Only revert the removed HTML output - it should be logged to the log file regardless.
Will do.
participants (2)
-
Glyph Lefkowitz
-
Itamar Shtull-Trauring