Strange advisory
Valentin V. Bartenev
vbart at nginx.com
Tue May 13 08:22:55 UTC 2014
On Sunday 11 May 2014 06:25:53 B.R. wrote:
[..]
> What is the benefit of having those unescaped control characters in a log
> file? Escaping them allows you to warn about their presence safely... and
> that is directly exploitable by anything, once again safely.
The benefit is that you can easily find in error/debug log exactly what
a client has sent with binary precision, and therefore better diagnose
a problem. And this actually is the main purpose of error log (normally
it's just empty).
wbr, Valentin V. Bartenev
More information about the nginx
mailing list