06-23-2002, 06:08 AM | #1
Alex Vincent
Moderator


 
phpdev Apache and security?

Firepages, I hate to bring this up publicly, but it may be the best way to get the word out. Hopefully you can fix this and make a quickie release.

Apparently, there has been a major denial-of-service attack hole discovered in Apache servers, both of the 1.x and 2.x varieties.

There is an upgrade for Apache that fixes this problem.

FP, is it practical to put together an emergency phpdev update that includes a properly configured Apache server to fix this problem? Your testbed server is popular enough to be listed via PHP.net, so maybe fixing this would be a Good Idea.
__________________
"The first step to confirming there is a bug in someone else's work is confirming there are no bugs in your own."
June 30, 2001
author, Verbosio prototype XML Editor
author, JavaScript Developer's Dictionary
https://alexvincent.us/blog
06-23-2002, 06:11 AM | #2
jkd
Senior Coder

 
http://httpd.apache.org/

Not a DoS problem, almost something Microsoft-esque actually, allowing you to run code at the level of Apache's user, which in Windows is bad, and in *nix can be a problem, but not as easily.
__________________
jasonkarldavis.com
06-24-2002, 03:54 AM | #3
firepages
Super Moderator


 
Hi, cheers Alex

As it happens, dev5 is just around the corner with 1.3.24 (now .26) & Apache 2.0.36 (now .39), so I will not be doing anything as such about existing versions except send an advisory to those who choose to receive notification when downloading phpdev, & I will put a note on the site as well.

On Windows, unless you have MSVCC etc., applying a patch is not an option and a full upgrade of the server is required.

dev5 is structured differently in that it will be possible in the future to 'upgrade' rather than download everything and start again, so issues like this should not be such a pain in the butt.

As for the exploit itself... I have had a grope around and have yet to find an example of the exploit at kiddie level, although I am sure it will turn up eventually - security-space reckon a couple of days for the pros.
__________________
resistance is...

MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)