You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Annoying logs reports, very uninformative and weird
Every time someone visits a server, a page is generated with a blank page at the address:
data/logs/mysql/errors/YYYYMMDD.log.php
With a line at the top
(Blank in case there is an error - it will be added below a message with full trace of the error).
First of all, this is not correct at all!
Why we always must to have the page generated even if there is no error? I think the page must be generated ONLY in a case when the real error happened.
Second, why these very important logs added to .gitignore? Who did that? This is very insecure and very weird! Because server owners will not know what happened to their server and how a hacker will hack them and when! Please remove it from .gitignore, let all administrators and owners see what is happened at their git status on their host. It will open a way to create different custom scripts which will instantly alarm server owner about the error.
Third. Log system at fluxcp USELESS! Totally useless, because it does not send any notifications to an administrator, do not tell mostly anything, only in very rare cases admin in some very rare situation can check these logs if, for example, paypal transaction was wrong or weird.
Fourth. Keeping such data with very critical information at hosting is mega insecure to many reasons:
need to change YYYYMMDD.log.php to YYYY-MM-DD.hash().log.php to make each file UNIQUE!
stored files (if you wish to continue to have such log system) must have rights WITHOUT read / execute permission at all. Only with write permissions to file (even webserver should not be able to read the generated file)
when file generated (created) send auto-reply / notification to email which server owner / admin enters in application.php for instant notification about bug and for instant reaction. Just this simple stupid extra option and feature can fix maybe 99% of problems and hacks with fluxcp, because administrator will see that something is wrong and will react instantly.
This is related not only to data/log/mysql, this is related to many logs, all of them must be reviewed manually and changed to new and modern behavior like it must to be in 2017.
The text was updated successfully, but these errors were encountered:
Annoying logs reports, very uninformative and weird
Every time someone visits a server, a page is generated with a blank page at the address:
With a line at the top
(Blank in case there is an error - it will be added below a message with full trace of the error).
First of all, this is not correct at all!
Why we always must to have the page generated even if there is no error? I think the page must be generated ONLY in a case when the real error happened.
Second, why these very important logs added to .gitignore? Who did that? This is very insecure and very weird! Because server owners will not know what happened to their server and how a hacker will hack them and when! Please remove it from .gitignore, let all administrators and owners see what is happened at their git status on their host. It will open a way to create different custom scripts which will instantly alarm server owner about the error.
Third. Log system at fluxcp USELESS! Totally useless, because it does not send any notifications to an administrator, do not tell mostly anything, only in very rare cases admin in some very rare situation can check these logs if, for example, paypal transaction was wrong or weird.
Fourth. Keeping such data with very critical information at hosting is mega insecure to many reasons:
This is related not only to data/log/mysql, this is related to many logs, all of them must be reviewed manually and changed to new and modern behavior like it must to be in 2017.
The text was updated successfully, but these errors were encountered: