httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Untainting module for Apache
Date Thu, 30 Sep 2010 23:53:28 GMT

On 30 Sep 2010, at 18:23, Igor Galić wrote:

> Why not put it in svn in httpd's sandbox?

Hadn't 100% decided ...

>> http://people.apache.org/~niq/mod_taint.html
>> http://people.apache.org/~niq/mod_taint.c
> 
> does it make more sense to use it on a reverse proxy or
> on the backend in question?

Either of those might find a use for it.  Running it on a proxy
has the advantage of being the first port of call, so long
as nothing bad can come from behind the proxy.  I guess
that's a similar question to authentication at the proxy.
The "what are you protecting against" (malicious vs
accidental attack) might be relevant too if you have
both internal/trusted and external/untrusted users.

-- 
Nick Kew


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message