Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - About Logging
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

About Logging
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
iSec View Drop Down
Senior Member
Senior Member
Avatar

Joined: 13 February 2005
Status: Offline
Points: 1140 		Post Options Post Options   Thanks (0) Thanks(0)   Quote iSec Quote  Post ReplyReply Direct Link To This Post Topic: About Logging
    Posted: 30 August 2008 at 5:16am
I gather that without giving the IUSER account write/modify permissions to the log_files folder, loggin would not work, and even results in an error (800a0046 - permission denied when a logged action takes place), etc...
 
Now, this can be a security problem, because ANYONE that knows the path to the log_files folder / date-time can easily read log files. These log files contain sensetive information such as IP addresses, and that's another privacy issue... Forum members will not like their IP's being exposed and this may cause a bad reputation to the website.
 
So what do we do here?
"When it gets dark enough, you can see the stars"
-Charles A. Beard
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 30 August 2008 at 8:39am
Yes you do need to have read, write, and modify permissions set for the IUSR account on the folder containing the log files.

No you shouldn't have log files saved in the log_file folder in a public folder. For this reason when configuring log files in the includes/setup_options_inc.asp file it says to change the location where the log files are stored to a non-public folder outside the root of your public website.

I would suggest that you place the log files in a parent folder above the folder containing your website on the server. You need to use the path from the forum application to the log file folder.

Change the following line:-

Const strLogFileLocation = "log_files" 


To:-

Const strLogFileLocation = "../../private/log_files"  


Change the part in red to the location you want your log files stored. The part ../ is to move up to the parent directory above the location the forum is located.



Edited by WebWiz-Bruce - 30 August 2008 at 8:57am
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
iSec View Drop Down
Senior Member
Senior Member
Avatar

Joined: 13 February 2005
Status: Offline
Points: 1140 		Post Options Post Options   Thanks (0) Thanks(0)   Quote iSec Quote  Post ReplyReply Direct Link To This Post Posted: 30 August 2008 at 9:35am
Bruce Thumbs%20Up
 
I didn't think about the idea of changing the path to a folder that is parent to the folder containing the website. Thank you so much!
"When it gets dark enough, you can see the stars"
-Charles A. Beard
Back to Top
iSec View Drop Down
Senior Member
Senior Member
Avatar

Joined: 13 February 2005
Status: Offline
Points: 1140 		Post Options Post Options   Thanks (0) Thanks(0)   Quote iSec Quote  Post ReplyReply Direct Link To This Post Posted: 30 August 2008 at 10:35am

Just a side note on the method that Bruce suggested (in case someone wonders), this method requires that parent paths be enabled in IIS. To configure IIS to allow parent paths, do this:

  1. Launch IIS, right-click the website in question, and click Properties
  2. Click the Home Directory tab
  3. Under Application Settings, click Configuration
  4. Click the Options tab
  5. Check the box 'Enable Parent Paths'

 P.S. I'm using IIS 6... not sure how it's done in IIS 7.
"When it gets dark enough, you can see the stars"
-Charles A. Beard
Back to Top
Nick-V View Drop Down
Senior Member
Senior Member


Joined: 26 October 2002
Location: United Kingdom
Status: Offline
Points: 319 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Nick-V Quote  Post ReplyReply Direct Link To This Post Posted: 30 August 2008 at 12:36pm
Does enabling parent paths in IIS present a security risk in itself?
 
Can the logfile location be specified as a disk rather than relative URL? C:\logfiles
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2008 at 8:51am
Parent paths can coursed a security issue if you do not have your server setup securely.

The present logging feature is still really in early development and so can not use phyiscal paths.

On busy forums you should be careful not to enable logging for everything as there is a BIG performance hit in using logging.

It's mainly intended to log the actions of moderators and admins as a number of people have requested this so they can findout which moderator deleted a topic or post and for legal reasons so that if legal action is taken due to a dodgy post it can be proved legally when the Topic/Post was removed by the admin or moderator. On busy forums I would ONLY enable logging for moderator actions and not for anything else.


Edited by WebWiz-Bruce - 31 August 2008 at 11:15am
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Nick-V View Drop Down
Senior Member
Senior Member


Joined: 26 October 2002
Location: United Kingdom
Status: Offline
Points: 319 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Nick-V Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2008 at 11:09am
Many thanks.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.