[5011] in WWW Security List Archive
RE: Security issues in Apache?
daemon@ATHENA.MIT.EDU (John Lehmann (SSASyd))
Thu Apr 10 02:22:50 1997
From: "John Lehmann (SSASyd)" <LEHMANNJ@saatchi.com.au>
To: "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
Date: Thu, 10 Apr 97 14:54:00 S
Errors-To: owner-www-security@ns2.rutgers.edu
>Phillip M Hallam-Baker wrote:
>> >>snip<<
>> It buys you not having to audit the code and consider the security
>> implications.
>
>It doesn't by _me_ that - I've already audited the code! But I'll agree
that
>it buys other people who don't trust me that.
> >>snip<<
> If you don't need to run something as root - dot! If you have an O/S
> that gives fine grain control over privileges then give each process
the
> minimum possible.
Ah... soon, I'm sure, Apache will be ported to WindowsNT, but in the
mean-time, we are advised to use Plan9, eh?
--
John J Lehmann--lehmannj@saatchi.com.au
