[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2489 [Website]: Set up new web server logging and log analysis infrastructure

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #2489 [Website]: Set up new web server logging and log analysis infrastructure
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 04 Feb 2011 09:32:23 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 04 Feb 2011 04:32:34 -0500
In-reply-to: <047.bed18c7dac507a02ca804edcd50aa8bf@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.bed18c7dac507a02ca804edcd50aa8bf@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2489: Set up new web server logging and log analysis infrastructure
-------------------------+--------------------------------------------------
 Reporter:  karsten      |       Owner:  phobos
     Type:  enhancement  |      Status:  new   
 Priority:  normal       |   Milestone:        
Component:  Website      |     Version:        
 Keywords:               |      Points:        
   Parent:               |  
-------------------------+--------------------------------------------------

Comment(by rransom):

 Replying to [ticket:2489 karsten (quoting phobos)]:
 >  7. referrers (sanitized if it includes PII)
 >  8. search engines, keyphrases and keywords

 Search queries and other 'Referer' strings can easily be quite sensitive.
 They will also be particularly hard to sanitize, so whatever process we
 use to sanitize them will need a thorough review on or-dev.

 > And we should remember that this is more than just the logs for www.tpo,
 we have check, svn, gitweb, metrics, bridges, and trac websites to
 analyze.

 [https://check.torproject.org/ check.tpo] currently states: "This server
 does not log ''any'' information about visitors."  This published policy
 for check.tpo should not be changed lightly, if at all.

 Logs from gitweb.tpo and svn.tpo may disclose that someone is researching
 a security bug in a particular piece of code; if sanitized logs from those
 domains are published at all, they should be delayed by at least 24 hours.

 As I understand it, the logs currently collected by BridgeDB/bridges.tpo
 are quite dangerous.  We should also look into reducing the amount of
 sensitive information which that server stores.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2489#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #2489 [Website]: Set up new web server logging and log analysis infrastructure
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #2476 [Tor Client]: Run torperf on the sat link
Next by Author: Re: [tor-bugs] #2485 [Tor Weather]: Review Tor Weather's use of TorCtl
Previous by thread: Re: [tor-bugs] #2489 [Website]: Set up new web server logging and log analysis infrastructure
Next by thread: Re: [tor-bugs] #2489 [Website]: Set up new web server logging and log analysis infrastructure
Index(es):
- Author
- Thread