fernwerker / ownDynDNS

Self-hosted dynamic DNS php script for FRITZ!Box and netcup DNS API
GNU General Public License v3.0

Restrict log access #17

Open mhellmeier opened 3 years ago

mhellmeier commented 3 years ago

When running the application, everyone can get detailed information like personal IP address, failures, etc. by accessing the log files (just visit /log.json in a browser). Access to the log file should be restricted and only visible to admins.

fernwerker commented 3 years ago

I understand your point. Some thoughts on this:

Suggestion:

mhellmeier commented 3 years ago

Thanks a lot for your response!

> We add the htaccess as an example configuration but I wouldn't add it as a default file

Since you are the owner of the project, it is your decision if you add it as a default case or not. In my opinion, restricted access should be the default case following the Privacy by Default principles. Otherwise, the following thought wouldn't be satisfied:

> The history of IP addresses on the other side, is sensible and shouldn't be in there - I agree

Moreover, I don't see the advantages of having a publicly available log.json file.

fernwerker commented 3 years ago

As said: the intended use of this tool is to have my IP address publicly available and use it within DNS. Therefore having this information public is a must criterion, otherwise the tool would be useless.

Reason for log.json file is:

  1. DNS is a slow system, therefore the update of an entry needs some time. If you need to have this information ASAP, you can look it up in the json.log
  2. If your DNS API or something else on DNS side fails, the json.log still holds your IP address

After you usually use this, when you are not in the subnet of the dynamic IP address this might be helpful.

If you don't need this, please use .env to turn logging and debugging off. Et voilà, no more information.

I'll leave this open to investigate on the history a little further as soon as I find some time, because a feature to restrict historian access is necessary.

NiiWiiCamo commented 1 year ago

Personal choice imho, as for the feature: I added a configuration script to my fork / PR that interactively asks you many of those questions. Also added a deny block for nginx users to the examples and as message in the script.

As for me, default should imho be to discourage public log access but inform and empower the user to do whatever they please.
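
The thread mentions an htaccess example and an nginx deny block without showing either. As an added illustration (not code from the repository or from the fork/PR mentioned above), an nginx fragment that restricts `/log.json` could look like this; the admin address, the realm name and the htpasswd path are placeholders, and the script is assumed to sit at the web root.

```nginx
# Added example: place inside the server { } block that serves ownDynDNS.
# Assumes the log is reachable as /log.json (the URI named in this issue);
# adjust the URI if the script lives in a subdirectory.

# Option A: nobody can fetch the log over HTTP.
# "location =" is an exact match and takes precedence over prefix and
# regex locations, so a generic static-file or PHP block cannot serve it.
location = /log.json {
    deny all;                      # every client gets 403
}

# Option B (use instead of A): admins only.
# "satisfy any" grants access if EITHER the source address is allowed
# OR HTTP basic authentication succeeds; everyone else gets 401/403.
#location = /log.json {
#    satisfy any;
#    allow 192.0.2.10;             # placeholder admin address
#    deny  all;
#    auth_basic           "ownDynDNS log";                   # placeholder realm
#    auth_basic_user_file /etc/nginx/owndyndns.htpasswd;     # placeholder path
#}

# The .env file mentioned in the thread is the tool's configuration file
# and should not be downloadable either.
location = /.env {
    deny all;
}

# After reloading nginx, confirm from an outside network that the log
# is no longer served:
#   curl -s -o /dev/null -w '%{http_code}\n' https://<your-host>/log.json
# Expected: 403 (option A) or 401 without credentials (option B), not 200.
```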