Discuss: Application Logs - Security Best Practices
by Dipesh Rawal, CISA
Discussion is open —
there are 2 reader comments.
Add yours.
1. Dharmesh Mehta | 21 Oct 2005 5:23 PM
In certain environments, the IP Address of the user may not be a reliable parameter for identification, as in the case if Internet-facing applications or if the application is hosted behind proxies or loadbalancers.
In that case, either ignore the IP Address or log the information in the Client-IP or Via HTTP Headers
2. Varun | 04 Jul 2006 7:11 PM
Short but useful checklist. Thanks.