[Python-Dev] Re: privacy in log files?

[Guido van Rossum]

> Guido van Rossum wrote:
> > I found this comment in Parser/tokenizer.c:
> > 
> > 		/* We don't use PyErr_WarnExplicit() here because
> > 		   printing the line in question to e.g. a log file
> > 		   could result in sensitive information being
> > 		   exposed. */
> > 
> > I didn't see a SF reference there or in the CVS checkin comment, so
> > I'm stumped.  What's the use case? 

[MAL]
> I have gotten a lot of emails from various people about the
> new source code encoding feature and the warning that is
> generated for code lines which have non-ASCII characters
> in them if the file doesn't have a coding header.

Is the idea that non-ASCII characters are likely to be used in
passwords?

> Many of these people mentioned that webserver logs (for CGI
> scripts) would get flooded with these warnings and that there
> is a potential security breach here if a source line is
> being copied into to these logs. It is rather common that
> these logs are world readable, so passwords and other sensible
> information could easily escape the script's source code,
> e.g. login information for databases.

I can interpret world-readable in two ways.  On Unix, it traditionally
means that anybody with a login name can read it.  Since Apache
typically runs as user nobody, CGI scripts have to be world-readable
as well.  So I'm still not convinced.  Or are there sites that
actually publish their log files on the web?  What would the point of
that be?  I'd be surprised if there wasn't a lot of other
privacy-sensitive data in such log files, and the complainers should
complain about the public logs rather than focusing on Python trying
to issue a useful error message.

--Guido van Rossum (home page: http://www.python.org/~guido/)