WebApp Sec mailing list archives

Re: IIS log

From: Randy <rho () clunet edu>
Date: Tue, 5 Aug 2003 13:58:00 -0700 (PDT)


This is a funny security message...  I have setup and administered
multiple IIS systems which utilize live payment systems and have never seen IIS log
CC#s.  The security hole is most likely within your webapp itself rather
than IIS.

--Randy

On Tue, 5 Aug 2003, Justin H Tran wrote:





I just viewed an IIS log and I noticed that the credit card # is loogged.
I beleive that this is a major flaw to log credit card # is clear text.
Does anyone have any advice?


Regards,
Justin



*** Incoming Mail scanned for known Viruses by CLUnet ***

Current thread:

IIS log Justin H Tran (Aug 05)
- Re: IIS log Alejandro Flores (Aug 05)
- Re: IIS log Randy (Aug 05)
- <Possible follow-ups>
- RE: IIS log Michael Howard (Aug 05)
  - RE: IIS log Richard M. Smith (Aug 05)
- Re: IIS log dotnetter (Aug 05)
- Re: IIS log jamesworld (Aug 05)
- RE: IIS log Nelson, Ernie (Aug 05)