httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaqui Greenlees <jaqui_greenl...@yahoo.ca>
Subject Re: [users@httpd] Apache Examples Extreme Web Servers
Date Tue, 13 Mar 2007 23:54:01 GMT

--- Sean Conner <spc@conman.org> wrote:

> It was thus said that the Great Jaqui Greenlees once
> stated:
> > 
> > > You could check the php config and other details
> at
> > > http://82.222.170.52/i.php
> > 
> > This was not a good idea, this list has publicly
> > accesable archives of all messages.
> 
>   And how is this any different than when it's
> requested to post
> configurations here, unaltered, for help in
> debugging?  (sorry, "security
> through obscurity" is a hot button topic for me, one
> that I don't believe
> in).
> 
It's different in that the SERVER IP isn't part of a
message with the data in it.
Not only is the configuration data there, you have the
publicly accessable ip number for the server.
the configuration data psted as part of the message,
no ip number for someone to use to try to break the
system.
[ not that apache or linux are that vulnerable to
such, compared to Windows and IIS or Microsoft Server.
]



> > > We are using Redhat Enterprise Linux 4, we are
> > > installing apache , php , and modules from
> source.
> >  
> > Why not use the RHEL supplied packages? it would
> > simplify the administration and patching for bugs
> and
> > security issues.
> 
>   I found the exact opposite.  Using the tarballs to
> install has been by far
> easier on me than expecting the various package
> managmenet tools to work
> correctly (I've been burned by apt-get, yum and
> emerge too many times to
> even bother with them any more).  
> 

I personally wouldn't use RHEL or Suse either, both
use YUM, both throw really stupid requirements into
package dependencies. [ what binary distro doesn't
though? ]
I was thinking more the maintenance with patching,
than the basic installation being easier with a
package manager.
DIY or LFS are the two distros I think are worth
using, a 100% from source, no automated tools build, [
DIY being build scripts, not a installer script ] no
bogus dependencies foisted on you by someone else, no
bloatware GUI forced on you, no really stupid disable
root account type decisions to have to fix. [ can ya
tell I'm not happy with most distros? ;) ]
I only once, in the last 9 years, have had a single
issue caused through an update from a distro supplied
package manager, Mandrake 8.2 broke Apache with a
mod_perl update.

Jaqui


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message