Vulnerability Development mailing list archives
Re: Apache ap_getpass vulnerability
From: Carson Gaspar <carson () taltos org>
Date: Sat, 4 Nov 2000 21:28:51 -0800
--On Saturday, November 04, 2000 6:36 PM +0200 Peter Pentchev <roam () ORBITEL BG> wrote:
You mean you're writing an Apache module that reads user input at the time the server is starting?.. Does this mean that the server startup itself becomes interactive? This pretty much rules out unattended Apache startup - you need to start the server manually each time it dies; also, it cannot be put in the system's startup scripts. IMHO, this is not such a good idea :(
Having your private key stored un-encrypted on disk is also a really bad idea. You have to decide how you're going to trade-off operational complexity vs. security. -- Carson Gaspar -- carson () taltos org Queen Trapped in a Butch Body
Current thread:
- Apache ap_getpass vulnerability Simon Tamás (Nov 02)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 03)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 03)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 04)
- Re: Apache ap_getpass vulnerability Pavel Kankovsky (Nov 05)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 07)
- Re: Apache ap_getpass vulnerability Peter Pentchev (Nov 05)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 04)
- Re: Apache ap_getpass vulnerability Peter Pentchev (Nov 05)
- Re: Apache ap_getpass vulnerability Carson Gaspar (Nov 06)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 06)
- Re: Apache ap_getpass vulnerability Carson Gaspar (Nov 06)
- Re: Apache ap_getpass vulnerability Michael H. Warfield (Nov 07)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 07)
- Re: Apache ap_getpass vulnerability Lincoln Yeoh (Nov 08)
- Re: Apache ap_getpass vulnerability Bluefish (P.Magnusson) (Nov 10)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 03)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 03)
- Re: Apache ap_getpass vulnerability Bluefish (P.Magnusson) (Nov 06)