WebApp Sec mailing list archives
RE: IIS log
From: "Michael Howard" <mikehow () microsoft com>
Date: Tue, 5 Aug 2003 12:58:04 -0700
Iis doesn't log credit card numbers!!! There's no concept of CCs in HTTP!!! My guess, and it is a guess, is some other app running on top of iis is logging the data, or the data is in the URI Can you send me a snippet of the log?replace the CC# with something bopgus -----Original Message----- From: Justin H Tran [mailto:justint () us ibm com] Sent: Tuesday, August 05, 2003 12:35 PM To: webappsec () securityfocus com Subject: IIS log I just viewed an IIS log and I noticed that the credit card # is loogged. I beleive that this is a major flaw to log credit card # is clear text. Does anyone have any advice? Regards, Justin
Current thread:
- IIS log Justin H Tran (Aug 05)
- Re: IIS log Alejandro Flores (Aug 05)
- Re: IIS log Randy (Aug 05)
- <Possible follow-ups>
- RE: IIS log Michael Howard (Aug 05)
- RE: IIS log Richard M. Smith (Aug 05)
- Re: IIS log dotnetter (Aug 05)
- Re: IIS log jamesworld (Aug 05)
- RE: IIS log Nelson, Ernie (Aug 05)