Server log security

software development

#1

I’m in the middle of setting up handling of PayPal’s IPN postbacks, and encountered this warning in their documentation: “Shared secrets posted to you by PayPal through IPN are not encrypted; they are in clear text for easier processing. Therefore, the shared secrets are recorded in the clear in the access logs of your web server. Be sure to practice proper security for these logs. If you use a web server hosting service, ensure that your provider practices proper security of your data.”

So, my question is: are my server logs secure on Dreamhost? Can anyone else besides me see them? (More precisely: if PayPal does a POST to some script on my site, is there any way for anyone else to see what the post parameters were?)

Thanks.


#2

Ensure the user is setup with Enhanced Security checked.

[color=#00CC00]Panel > Users > Manage Users[/color]

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#3

thx!