Hi! I could do with some advice about whether I'm over-thinking a problem.

I've been passed a module for a D7/Commerce site I'm putting together. It adds a payment gateway, and was provided directly by the payment processor.

But! It logs everything it does to a log file within the module directory, which I'm really unhappy about. Their reasoning is that this is the log location for all the different modules & plugins they produce, for ease of support and installation.

(The module checks for the file and creates it if it's not there, so simply upgrading the module should not wipe out all logs; it's not that bad.)

My instinct is to at least write a patch for it that logs to watchdog or elsewhere in the DB, or to somewhere in /var/log/ - but that immediately causes a bigger maintenance load; whenever it needs upgrading it will need repatching.

What do you people think? I can't decide if I'm being overly fastidious or not.

Thanks!

Comments

N1ghteyes

I guess it depends entirely on what it is logging. If it's just logging success/fail, then where it is won't hurt too much, but I agree that a log file above web root is generally bad.

If you can write a patch for it to put it in /var/log/ then go for it; the overhead is tiny compared to the increased security. In the end it's up to you. But do at least check what it is actually logging first.

marna

It's not logging anything sensitive at the moment - just error and success messages. But I think I'll still get the logs shifted to /var/log/. It's no amount of work to patch it to do that. It will mean more overhead when updating the module/moving to a new server, but that should be OK as long as I document it clearly.

Thank you for your input! I was worried that I might have been being overpedantic about things, so it's good to know that I'm not alone in thinking that.

Marna
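
An added example, not part of the original thread or the vendor's module: a small shell audit for the two checks discussed above, namely which log files live inside module directories under the docroot, and whether they contain anything that looks sensitive. The `*/modules/*` layout, the `*.log` naming and the 13 to 16 digit "possible card number" pattern are assumptions; the sample tree in `demo` is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a Drupal docroot for module log files that sit
# inside the web-served tree, and count lines that look like card numbers.
# Layout (*/modules/*), file naming (*.log) and the digit pattern are assumptions.

# List every *.log file found inside a modules directory under the docroot.
find_module_logs() {
  find "$1" -type f -name '*.log' -path '*/modules/*' 2>/dev/null | sort
}

# Count lines containing a standalone run of 13 to 16 digits (possible PAN).
# grep -c exits 1 when the count is 0, so the status is deliberately ignored.
count_pan_like_lines() {
  grep -Ec '(^|[^0-9])[0-9]{13,16}([^0-9]|$)' "$1" || true
}

# One report line per log file: path plus number of suspicious lines.
audit_docroot() {
  find_module_logs "$1" | while IFS= read -r f; do
    printf '%s pan_like_lines=%s\n' "$f" "$(count_pan_like_lines "$f")"
  done
}

# Build a constructed sample tree and audit it (run with: script --demo).
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/sites/all/modules/gateway"
  # Constructed log lines; 4111111111111111 is a well-known test number.
  printf 'order 12 payment ok\ncard 4111111111111111 declined\n' \
    > "$tmp/sites/all/modules/gateway/gateway.log"
  audit_docroot "$tmp"
  rm -rf "$tmp"
}

case "${1:-}" in
  --demo) demo ;;
  "")     : ;;                      # no argument: only define the functions
  *)      audit_docroot "$1" ;;     # argument: treat it as the docroot path
esac
```

A non-zero `pan_like_lines` count is only a prompt to read the file by hand; order IDs and timestamps can match the same pattern.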