> Thank you for raising the issue. Indeed that is a grave problem.
> Unfortunately upstream author is away for a week or two, thus I will try
> to resolve the issue on my own. I think that I will simply incorporate
> regex for IPs inside failregex config options, thus IP addresses will
> not be harvested blindly from the log line, but rather provided by the
> failregex's group(). Do you see any possible problems with such
> approach? Please advise. If it sounds feasible I will have the bug fixed
> asap

I don't mean to sound overly alarmist with my choice of grave. It's just the lowest level I saw security concerns listed. I suspect the approach followed by this app will have other minor security concerns and is probably not viable for production grade deployment at this time. I almost feel the docs should warn this, but whatever.

I think essentially the log watcher should be sufficiently constrained to match the line as closely as possible. I am not certain how changeable log file formats are, but perhaps a regex rule that matches just the IP address section of the particular log format is in order? Personally I have a strong distrust for complex regex though.

This isn't very useful. If I had a clearer productive plan for how to fix it I probably would have contributed patches. Sorry.

-josh
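
The difference between harvesting an address from anywhere in the line and taking it from the failregex's own group, shown as an added example that is not part of this thread or the project's code. The sshd-style log lines, the pattern and the function names are constructed assumptions.

```python
import re

# Constructed sshd-style sample lines (assumed format, not from the thread).
# In the second line the user-name field, which the remote client chooses,
# contains an address-like string.
SAMPLE_LINES = [
    "Jan 10 12:00:01 host sshd[411]: Failed password for invalid user bob "
    "from 203.0.113.7 port 4022 ssh2",
    "Jan 10 12:00:02 host sshd[412]: Failed password for invalid user 198.51.100.9 "
    "from 203.0.113.7 port 4023 ssh2",
    "Jan 10 12:00:03 host sshd[413]: Accepted password for alice "
    "from 192.0.2.15 port 4024 ssh2",
]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Blind harvesting: the failure pattern only decides that the line counts,
# and the address is then taken from wherever one first appears in the line.
FAIL_MARKER = re.compile(r"Failed password")
ANY_IP = re.compile(IPV4)

def blind_host(line):
    if not FAIL_MARKER.search(line):
        return None
    m = ANY_IP.search(line)
    return m.group(0) if m else None

# Constrained: the IP regex lives inside the failure pattern, anchored to the
# daemon tag and the end of the line, and only its named group is used.
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>" + IPV4 + r") port \d+ ssh2$"
)

def constrained_host(line):
    m = FAILREGEX.search(line)
    return m.group("host") if m else None

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(f"blind={blind_host(line)!s:15} group={constrained_host(line)!s:15}")
```

A line that does not fit the anchored pattern yields no address at all, so the watcher ignores it rather than acting on a guess.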