CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviContribute »
  • Community Contributed Payment Processors »
  • Apache logs have clear text info related to Paypal
Pages: [1]

Author Topic: Apache logs have clear text info related to Paypal  (Read 4370 times)

alfred_nutile

  • Ask me questions
  • ****
  • Posts: 464
  • Karma: 14
    • River Valley Tech Collective
Apache logs have clear text info related to Paypal
January 26, 2009, 05:43:34 am
seems odd and risky ??? Any thoughts?
If you look in the logs you see...
Quote
Host: api-3t.paypal.com
Accept: */*
Content-Length: 436
Content-Type: application/x-www-form-urlencoded

user=paypal_api1.XXX.org&pwd=XXXXXXXXXX&version=3&signature=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&subject=&method=SetExpressCheckout&paymentAction=&amt=48&currencyCode=USD&invnum=aa13481e1ba67ea76c25f229b1e2d515&returnURL=http%3A%2F%2Fwww.xxxx.org%2Fcivicrm%2Fcontribute%2Ftransact%3F_qf_Confirm_display%3D1%26rfp%3D1&cancelURL=http%3A%2F%2Fwww.xxxxx.org%2Fcivicrm%2Fcontribute%2Ftransact%3F_qf_Main_display%3D1< HTTP/1.1 200 OK
< Date: Sun, 25 Jan 2009 18:12:02 GMT
< Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7e mod_fastcgi/2.4.2
< Content-Length: 130
< Connection: close
< Content-Type: text/plain; charset=utf-8
* Closing connection #0
* About to connect() to api-3t.paypal.com port 443
*   Trying 66.211.168.126... * connected
* Connected to api-3t.paypal.com (66.211.168.126) port 443
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSL connection using DES-CBC3-SHA
* Server certificate:
*        subject: /C=US/ST=California/L=San Jose/O=PayPal, Inc./OU=Information Systems/CN=api-3t.paypal.com
*        start date: 2008-03-05 00:00:00 GMT
*        expire date: 2009-03-05 23:59:59 GMT
*        issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
* SSL certificate verify ok.
> POST /nvp HTTP/1.1
Host: api-3t.paypal.com
Accept: */*
Content-Length: 192
Content-Type: application/x-www-form-urlencoded

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Apache logs have clear text info related to Paypal
January 26, 2009, 07:54:36 am

which log file are u referering to? Apache log or CiviCRM.log?

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

alfred_nutile

  • Ask me questions
  • ****
  • Posts: 464
  • Karma: 14
    • River Valley Tech Collective
Re: Apache logs have clear text info related to Paypal
January 26, 2009, 08:44:43 am
/var/log/apache2/error.log
Not sure if it goes through okay on the civi end.
It is civicrm installed in a multisite install of drupal so not sure if that gets in the way.

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Apache logs have clear text info related to Paypal
January 26, 2009, 09:42:58 am

i suspect thats an apache ssl setting. you might want to check that and turn off debugging

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

alfred_nutile

  • Ask me questions
  • ****
  • Posts: 464
  • Karma: 14
    • River Valley Tech Collective
Re: Apache logs have clear text info related to Paypal
January 26, 2009, 10:22:04 am
I looked in civicrm
global --> debug
and
payment processor and all debugs where off.

I checked apache and default was set to warn, err, crit
So I just left it at crit

Do you think that should do it and how dangerous is this info?

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Apache logs have clear text info related to Paypal
January 26, 2009, 02:45:58 pm

i would try and track down whats emitting that output and turn it off. maybe curl in debug mode?

lobo

A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviContribute »
  • Community Contributed Payment Processors »
  • Apache logs have clear text info related to Paypal

This forum was archived on 2017-11-26.