Privacy of GET requests in logs

I used GET requests to send somewhat sensitive data in an HTTPS form before switching to POST requests.

How long will it be before all copies of those requests are truly deleted / overwritten, since shared secrets were sent via GET. (Of course, I’m not keeping a copy and I changed the secret just in case)

My site is https://fern.rf.gd , if that’s relevant.

As far as we’re concerned, pretty much immediately. We don’t keep access logs of sites on free hosting, the amount of traffic being handled is huge and processing it all is complicated and costly. So the access logs are immediately aggregated into the account hits counter, and discarded.

9 Likes

Ahh, thanks.

BTW, on my home hosted mirror, access logs are in the terminal, and I think they aren’t stored elsewhere (I can check later).

3 Likes

You can configure on the server where the logs are sent: to a file, to the terminal (stdout) or somewhere else.

3 Likes

Nice. I’ll keep using stdout, and only copy the logs to a file if I think they are interesting.

I like how it (the terminal) autoclears old logs, so they don’t take up space, or retain info that shouldn’t be retained, while still allowing me to see how my local mirror site is doing.

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.