httpd-dev mailing list archives

From Rob Hartill <>
Subject Re: SUMMARY: How Secure Is The Apache WWW Server (fwd)
Date Wed, 04 Sep 1996 19:17:27 GMT

not acked.

[I'm catching up on bugs mail after 4 days of downtime with a busted
monitor :-( ]

----- Forwarded message from Reid Judd -----

Message-Id: <9609021918.AA22155@internet-gw2.HEA.COM>
Date: Mon, 02 Sep 96 12:17:12 -0700
From: Reid Judd <>
Organization: AAArt
X-Mailer: Mozilla 1.1N (X11; I; SunOS 4.1.3 sun4m)
Mime-Version: 1.0
Subject: Re: SUMMARY: How Secure Is The Apache WWW Server
References: <> <50f73l$>
X-Url: news:50f73l$
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

These messages appeared on the newsgroups:,

  My quick question: is there something that I can do to 
  make NetScape's message go away?  (other than telling the
  users to turn it off in the preferences).

thanks in advance.
Reid Judd

Reid Judd <> wrote:
>According to the www-security-faq:
>	Q55: How do I turn off the "You are submitting the contents
>	of a form insecurely" message in Netscape? Should I worry
>	about it?
>	This message indicates that the contents of a form that 
>	you're submitting to a CGI script is not encrypted and
>	could be intercepted. Right now you'll get this message 
>	whenever you submit a form to any non-Netscape
>	server, since only the Netsite Commerce Server can 
>	handle encrypted forms. You probably shouldn't send
>	sensitive information such as credit card numbers 
>	via unencrypted forms . . .
>  Does the Apache server handle encrypted forms now?  Or is the
>  security only one-way from server to browser?  Does NetScape have
>  a monopoly on secure transactions?   I've just implemented
>  a secure form to take credit card info on an Apache server 
>  and the message the NetScape browsers return is frightening 
>  off any potential customers for my client.
>-- Reid Judd
>	AAArt
>	1414 Donohue Dr.
>	San Jose, CA 95131
>	(408) 937-1824 voice/FAX
>Steve Remsing <> wrote:
>>This is a summary of the information I received regarding the security
>>of the Apache WWW Server.
>>Out of six replies four people said they felt it was secure, provided
>>you don't install the sample cgi-bin programs that come with it.  Yes,
>>they have been fixed supposedly, but why take that chance?  Reasons
>>people felt Apache is secure are: very widely used, source code freely
>>available for review, and it is actively being developed.  One person
>>said it was not secure (sorry I don't have details) and suggested using
>>In case anyone out there is not aware, there is a good FAQ regarding
>>WWW security at:
>>I'd like to thank the following people for taking the time to provide
>>some information:
>>Peter Mardahl <peterm@langmuir.EECS.Berkeley.EDU>
>>Elliot Lee <>
>>Tony <>
>> (Gerard Hynes)
>>David Rudder <>
>>"John D. Mitchell" <>

----- End of forwarded message from Reid Judd -----

Rob Hartill (  ... why wait for a clear night to see the stars?.
