From owner-freebsd-security Mon May 22 14:19:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from clavin.efn.org (clavin.efn.org [206.163.176.10]) by hub.freebsd.org (Postfix) with ESMTP id 8EC4B37BB8B for ; Mon, 22 May 2000 14:19:16 -0700 (PDT) (envelope-from bdeless@efn.org) Received: from garcia.efn.org (bdeless@garcia.efn.org [206.163.176.5]) by clavin.efn.org (8.10.1/8.10.1) with ESMTP id e4MLIux25116 for ; Mon, 22 May 2000 14:19:01 -0700 (PDT) Received: from localhost (bdeless@localhost) by garcia.efn.org (8.10.1/8.10.1) with ESMTP id e4MLIfh00141 for ; Mon, 22 May 2000 14:18:55 -0700 (PDT) X-Authentication-Warning: garcia.efn.org: bdeless owned process doing -bs Date: Mon, 22 May 2000 14:18:38 -0700 (PDT) From: BD To: freebsd-security@freebsd.org Subject: Web Server and Xwindows Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I currently run a web site on a 4.0 box using the current version of Apache. I must confess a desire to install X(w/KDE) now. This box is in the DMZ, has PHP3 and MySQL. Sendmail is also handled here. Stateful packet filtering only allows 80,443,25,110-all with wrappers. Is X still the security risk I've always been taught? Any thoughts or advice is appreciated. Many Thanks, Robert To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message