Date: Thu, 20 Jan 2005 12:07:25 +0100 From: Eilko Bos <tafkam@brasapen.org> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: Jay O'Brien <jayobrien@att.net> Subject: Re: Security for webserver behind router? Message-ID: <20050120110725.GA99151@webmail.home.brasapen.org> In-Reply-To: <LOBBIFDAGNMAMLGJJCKNIEBEFAAA.tedm@toybox.placo.com> References: <41EF4A34.4020808@att.net> <LOBBIFDAGNMAMLGJJCKNIEBEFAAA.tedm@toybox.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>From the keyboard of Ted Mittelstaedt, written on Wed, Jan 19, 2005 at 11:25:00PM -0800: > > I am running Apache 1.3.33, as you suggest I should. You say > > "as long as > > Apache is secure"; what should I do to be sure that Apache is secure? > > > > Nothing, you nor nobody can do this. All you can do is subscribe to > the Apache mailing list and if someone discovers a hole in Apache > at some point in the future, then you can immediately patch your > installation with the inevitable patch that will shortly follow. Don't forget that Apache's nature is offering content. What about unsafe PHP/CGI-scripts? You can secure Apache, but that doesn't help when your webapplication is a big hole to your system. Just my 0.2$c Grtz, -- Eilko.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050120110725.GA99151>