httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Ghent <da...@elemental.org>
Subject Re: Minor security issue in httpd.conf - .your_domain.com
Date Thu, 05 Apr 2001 01:36:29 GMT
On Wed, 4 Apr 2001, Greg Stein wrote:

| This is not a security issue. security@apache.org is for reporting security
| defects in ASF software. Configuration issues do not count.
| 
| However, this does point to a basic problem in our .conf file. We should be
| using the example.com domain throughout our .conf and documentation files.
| That domain exists solely to be used in RFCs, docs, etc for examples... no
| hosts will resolve.
| 
| (it is registered to the IANA in perpetuity, for this situation)

Besides, I believe that most DNS servers (at least later versions of BIND)
reject hostnames which have underscores (_) in them as non-legal
characters in DNS.

/dale


Mime
View raw message