httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry K <apa...@oryx.cc>
Subject Re: [users@httpd] Security, 2.0.xx vs. 1.3.xx
Date Tue, 05 Oct 2004 15:23:43 GMT
I don't know that there are any specific security pluses to using 2.0.x over 
1.3.x.  At any given time, there may be a security issue with either of the 
products, or even both.  Its my opinion that the Apache people are pretty good 
about getting security fixes out in a timely manner.

It has been my observation that the hold up for most people is "so and so" 
module has not yet been ported to 2.0.x and that is what has been holding them 
back.  I do not yet require any modules that haven't been ported to 2.0.x and I 
have deployed 2.0.x without issue in new servers that I build.  The one "big" 
module that many people indicated they had problems with early on with 2.0.x was 
PHP.  I believe that for the most part, those issues are resolved.  At least I 
am currently having no 2.0.x/PHP issues.

As far as why, moving to 2.0.x just seems obvious as this is where new 
development is being done, just as probably one day, we will be making the move 
to Apache httpd 3.x.

I would be curious to hear from anyone who is sticking with 1.3.x for reasons 
other than your module hasn't been ported.

Jerry K



David P. Donahue wrote:

> I'm currently using Apache 1.3.31 for my web serving needs.  It's never
> really occurred to me to use the 2.0 series, as I've had plenty of luck
> with the 1.3 series and I can't really find anything wrong with it.
> But, just out of curiosity, is there a security benefit to using the 2.0
> series?  Features aren't really an issue, as I use it for pretty basic
> stuff.  But security is a definite concern.  Is 2.0.52 "more secure"
> than 1.3.31?  If so, in what way?
> 
> 
> Regards,
> David P. Donahue
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message