This comes from a question asked on the mailing list (2024-02-27).
Requests that hit the EPrints::Apache::Auth::auth_basic function will log the username to the Apache access.log file (if %u is in the log format definition). This is caused by this link: eprints3.4/perl_lib/EPrints/Apache/Auth.pm, line 292 in 13690e7.
There are various places that a similar line could be added - but I'm not quite sure where the right place is - possibly somewhere in EPrints::Apache::Rewrite before the URL_REWRITE triggers are called.
A config option may also be a sensible option to control whether the usernames are logged: $c->{log_usernames_in_apache_logfile} = 0;
I'm not sure if all authentication routes result in a sensible value from $repo->current_user->value( "username" );?
If not, an archive-level config method to allow something sensible to be added to $r->user( ... ); would be good.
I think by default I would want to have this switched off, as I cannot ascertain why this was not already being set in the EPrints::Apache::Auth::auth_cookie function. It concerns me that a decision may previously have been taken not to set this for data privacy reasons.
I thought it better to call this $c->{cookie_auth_set_user} as there is already an option called $c->{cookie_auth}, so it is easier to appreciate that these are related. I will add the option, disabled by default, in lib/cfg.d/misc.pl. The code to set the user needs to be in perl_lib/EPrints/Apache/Rewrite.pm.
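A sketch of the opt-in behaviour discussed in this thread, added here as an illustration and not taken from EPrints or from either poster. The mock classes, the set_logged_user function and the cookie_auth_user_label hook are assumptions; only $r->user, current_user, value( "username" ) and cookie_auth_set_user are named on the page.

```perl
# Added illustration, not EPrints code: mock classes stand in for $r and $repo.
use strict;
use warnings;

package MockRequest;    # stand-in for the Apache request object
sub new { return bless { user => undef }, shift }
sub user { my( $self, @v ) = @_; $self->{user} = $v[0] if @v; return $self->{user} }

package MockUser;       # stand-in for an EPrints user object
sub new { my( $class, %f ) = @_; return bless { %f }, $class }
sub value { return $_[0]->{ $_[1] } }

package MockRepo;       # stand-in for the repository object
sub new { my( $class, %a ) = @_; return bless { %a }, $class }
sub config { return $_[0]->{config}->{ $_[1] } }
sub current_user { return $_[0]->{user} }

package main;

# Copy the session user into $r->user only when the archive has opted in.
sub set_logged_user {
    my( $r, $repo ) = @_;
    return unless $repo->config( "cookie_auth_set_user" );   # disabled by default
    return if defined $r->user();       # already set, e.g. by auth_basic
    my $user = $repo->current_user();
    return unless defined $user;        # no logged-in user: %u stays "-"
    # Hypothetical archive-level hook that chooses what reaches the log.
    my $hook = $repo->config( "cookie_auth_user_label" );
    my $label = ref( $hook ) eq "CODE" ? $hook->( $user ) : $user->value( "username" );
    return unless defined $label && length $label;
    $label =~ s/[^\x21-\x7e]/_/g;       # one printable token per log field
    $r->user( $label );
    return $label;
}

my $alice = MockUser->new( username => "alice smith", userid => 42 );   # constructed
my $pseudonym = sub { return "uid" . $_[0]->value( "userid" ) };
my @cases = (
    [ "option off", {}, $alice ],
    [ "option on", { cookie_auth_set_user => 1 }, $alice ],
    [ "anonymous", { cookie_auth_set_user => 1 }, undef ],
    [ "hook", { cookie_auth_set_user => 1, cookie_auth_user_label => $pseudonym }, $alice ],
);
for my $case ( @cases ) {
    my $r = MockRequest->new();
    set_logged_user( $r, MockRepo->new( config => $case->[1], user => $case->[2] ) );
    printf "%-10s %%u = %s\n", $case->[0], $r->user() // "-";
}
```

The hook case shows how an archive could log a pseudonymous identifier instead of the username, which addresses the data privacy concern raised above while still letting log entries be correlated per user.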