[nycphp-talk] mod_security
John Lacey
jlacey at ix.netcom.com
Tue Jun 10 14:21:10 EDT 2003
just curious... what other formats, besides .pdf, do you prefer and why?
thanks
John
----- Original Message -----
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Tuesday, June 10, 2003 10:26 AM
Subject: Re: [nycphp-talk] mod_security
Hi Chris:
On Tue, Jun 10, 2003 at 09:50:54AM -0400, Chris Snyder wrote:
> Is anybody on the list using mod_security? Thoughts? Performance?
> http://www.modsecurity.org
Interesting. I just took a look at the site. The documentation, which
is
unfortunately only in pdf, could provide better detail on how the thing
operates.
Sanitizing and validating input is so very important, and by the number
of
items showing up on bugtraq, is too often overlooked. My Form Solution
class, http://www.analysisandsolutions.com/software/form/, helps with
that
a bit.
> In the latest version you can
> apparently chroot the environment in which scripts are run:
> http://www.modsecurity.org/documentation/apache-internal-chroot.html
It sounds like they're talking about chrooting Apache itself via this
module, without having to rely on chrooting via the operating system.
But, what if their module or apache gets circumvented somehow? Then the
attacker is home free.
Enjoy,
--Dan
--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--- Unsubscribe at http://nyphp.org/list/ ---
More information about the talk
mailing list