Vulnerability Development mailing list archives

Re: Apache ap_getpass vulnerability


From: Carson Gaspar <carson () taltos org>
Date: Sat, 4 Nov 2000 21:28:51 -0800

--On Saturday, November 04, 2000 6:36 PM +0200 Peter Pentchev
<roam () ORBITEL BG> wrote:

> You mean you're writing an Apache module that reads user input at
> the time the server is starting?..  Does this mean that the server
> startup itself becomes interactive?  This pretty much rules out
> unattended Apache startup - you need to start the server manually
> each time it dies; also, it cannot be put in the system's startup
> scripts.  IMHO, this is not such a good idea :(

Having your private key stored unencrypted on disk is also a really bad
idea. You have to decide how you're going to trade off operational
complexity vs. security.

--
Carson Gaspar -- carson () taltos org
Queen Trapped in a Butch Body

