From owner-freebsd-questions@FreeBSD.ORG Mon Apr 12 12:40:22 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C588916A4CE for ; Mon, 12 Apr 2004 12:40:22 -0700 (PDT) Received: from out002.verizon.net (out002pub.verizon.net [206.46.170.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5555743D68 for ; Mon, 12 Apr 2004 12:40:22 -0700 (PDT) (envelope-from cswiger@mac.com) Received: from mac.com ([68.160.247.127]) by out002.verizon.net (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP id <20040412194021.ZLQK9273.out002.verizon.net@mac.com> for ; Mon, 12 Apr 2004 14:40:21 -0500 Message-ID: <407AF080.5070109@mac.com> Date: Mon, 12 Apr 2004 15:39:44 -0400 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7b) Gecko/20040316 X-Accept-Language: en-us, en MIME-Version: 1.0 To: questions@freebsd.org References: <20040412095020.M76613@maa-net.net> <20040412102829.GB7692@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <20040412102829.GB7692@happy-idiot-talk.infracaninophile.co.uk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at out002.verizon.net from [68.160.247.127] at Mon, 12 Apr 2004 14:40:21 -0500 Subject: Re: apache13-modssl X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Apr 2004 19:40:22 -0000 Matthew Seaman wrote: [ ... ] > Your friend is being unnecessarily alarmist. apache2 is not > significantly different to apache13 in security terms. There have been 16 CVE entries list for Apache 2, and 8 for Apache 1.x: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+2 http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+1 ...so, if anything, one could argue that Apache 1 is a better bet in terms of security (not surprising, 1.x is more widely used and better tested). > However, it is > (I think) still a bit bigger and slower than apache13, plus support > for all of the vast panoply of add-on modules etc. is yet to appear. > > However, apache2 works very well, and has some extra functionality > (like improved IPv6 support and better threading) which may make it > the preferrred choice at some sites. I don't have rigorous benchmarks to prove this opinion :-), but observation suggests that platforms which have very good thread support (ie, Solaris and MacOS X) tend to run Apache 2 better than platforms which have OK thread support (Windows, FreeBSD, Linux). The same observation tends to apply to Java as well, and if one is generating dynamic web content using a JVM, the condition of thread support on the local platform matters even more. -- -Chuck