Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You probably shouldn't log usernames then, or really any form fields, as users might accidentally enter a password into one of them. Kind of defeats the point of web forms, but safety is important!


Are you using a very weird definition of "logging" to make a joke? Web forms don't need any logging to work.


You save them in a database. Probably in clear text. Six of one, half-dozen of the other.


A password being put into a normal text field in a properly submitted form is a lot less likely than getting into some query or path. And a database is more likely to be handled properly than some random log file.

Six of one, .008 of a dozen of the other.


So no access logs at all then? That sounds effective.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: