[nycphp-talk] mod_security
Peter Lehrer
pl at eskimo.com
Tue Jun 10 13:55:38 EDT 2003
Dan,
Is your website down?
--Peter
----- Original Message -----
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Tuesday, June 10, 2003 12:26 PM
Subject: Re: [nycphp-talk] mod_security
> Hi Chris:
>
> On Tue, Jun 10, 2003 at 09:50:54AM -0400, Chris Snyder wrote:
> > Is anybody on the list using mod_security? Thoughts? Performance?
> > http://www.modsecurity.org
>
> Interesting. I just took a look at the site. The documentation, which is
> unfortunately only in pdf, could provide better detail on how the thing
> operates.
>
> Sanitizing and validating input is so very important, and by the number of
> items showing up on bugtraq, is too often overlooked. My Form Solution
> class, http://www.analysisandsolutions.com/software/form/, helps with that
> a bit.
>
>
> > In the latest version you can
> > apparently chroot the environment in which scripts are run:
> > http://www.modsecurity.org/documentation/apache-internal-chroot.html
>
> It sounds like they're talking about chrooting Apache itself via this
> module, without having to rely on chrooting via the operating system.
> But, what if their module or apache gets circumvented somehow? Then the
> attacker is home free.
>
> Enjoy,
>
> --Dan
>
> --
> FREE scripts that make web and database programming easier
> http://www.analysisandsolutions.com/software/
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
>
>
> --- Unsubscribe at http://nyphp.org/list/ ---
>
>
More information about the talk
mailing list