WebApp Sec mailing list archives

Re: IIS log

From: <dotnetter () bellsouth net>
Date: Tue, 5 Aug 2003 17:45:49 -0400

IIS logs log the http request.  The data you are seeing is being passed in the URL (very bad) or as form data in a form 
post...

thanks 
Bill Moore

From: Justin H Tran <justint () us ibm com>
Date: 2003/08/05 Tue PM 03:34:48 EDT
To: webappsec () securityfocus com
Subject: IIS log

I just viewed an IIS log and I noticed that the credit card # is loogged.
I beleive that this is a major flaw to log credit card # is clear text.
Does anyone have any advice?

Regards,
Justin

Current thread:

IIS log Justin H Tran (Aug 05)
- Re: IIS log Alejandro Flores (Aug 05)
- Re: IIS log Randy (Aug 05)
- <Possible follow-ups>
- RE: IIS log Michael Howard (Aug 05)
  - RE: IIS log Richard M. Smith (Aug 05)
- Re: IIS log dotnetter (Aug 05)
- Re: IIS log jamesworld (Aug 05)
- RE: IIS log Nelson, Ernie (Aug 05)