
Logistack Security

Revision as of 19:30, 14 October 2025 by Lee Miller (Overview)

Overview

95% of the pages in Logistack can only be seen by Admins and Superusers.

Beyond that, all data is protected inside a MySQL database.

Tests

Extra Protection

Most protected pages are set to display errors, which under ordinary circumstances would be asking for trouble! However, to make providing support easier, I've set things up to use redirects. Let me explain.

This is what a normal PHP error looks like:

Parse error: syntax error, unexpected '}', expecting ')' in /var/www/app.php on line 7

The issue is that when this displays publicly, it provides an "in." Showing /var/www/app.php (or any full server path) to the public is classic information disclosure. On its own, it’s not a hack, but it materially helps attackers.

With Logistack, when an error like this occurs, a normal (non-admin) user is redirected to a page that says, "An error occurred please inform admin." When an admin visits this page, they're provided with a log number and a line of code that tells me exactly what's wrong, without compromising the security of your website.

What would normally be a 500 error at best becomes a tool to fix your site.
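
One way to implement the redirect-and-log pattern described above, as an added example rather than Logistack's own code. The is_admin() helper, the /error.php page and the log path are assumptions.

```php
<?php
// Added example, not Logistack's code. is_admin(), /error.php and the log path are assumptions.
declare(strict_types=1);

ini_set('display_errors', '0');   // never render raw PHP errors (and paths) into the response
error_reporting(E_ALL);
const ERROR_LOG_FILE = '/var/log/app/errors.log'; // assumed location, outside the web root

function is_admin(): bool
{
    // Assumption: the application's login code sets this session value.
    return ($_SESSION['role'] ?? '') === 'admin';
}

function handle_failure(Throwable $e): void
{
    $ref = bin2hex(random_bytes(4));                          // log number given to the admin
    $msg = str_replace(["\r", "\n"], ' ', $e->getMessage());  // keep each entry on one line
    $entry = sprintf("[%s] ref=%s %s: %s in %s:%d\n",
        date('c'), $ref, get_class($e), $msg, $e->getFile(), $e->getLine());
    error_log($entry, 3, ERROR_LOG_FILE);                     // path and line number stay server-side

    if (!headers_sent()) {
        // Non-admins get the generic page only; admins also get the log number to look up.
        $target = is_admin() ? '/error.php?ref=' . $ref : '/error.php';
        header('Location: ' . $target, true, 302);
    } else {
        echo 'An error occurred please inform admin.';
    }
    exit;
}

// Uncaught exceptions, including a ParseError thrown by an included file.
set_exception_handler('handle_failure');

// Turn warnings and notices into exceptions so they follow the same path.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    if (!(error_reporting() & $no)) { return false; }        // respect @-suppressed calls
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// Fatal errors that bypass both handlers are picked up at shutdown.
register_shutdown_function(function (): void {
    $err = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($err !== null && ($err['type'] & $fatal)) {
        handle_failure(new ErrorException($err['message'], 0, $err['type'], $err['file'], $err['line']));
    }
});
```

The handlers only cover code that runs after they are registered, so this file has to be loaded before any page code.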