NYCPHP Meetup

NYPHP.org

[nycphp-talk] mod_security

John Lacey jlacey at ix.netcom.com
Tue Jun 10 14:21:10 EDT 2003


just curious... what other formats, besides .pdf, do you prefer and why?

thanks
John


----- Original Message -----
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Tuesday, June 10, 2003 10:26 AM
Subject: Re: [nycphp-talk] mod_security


Hi Chris:

On Tue, Jun 10, 2003 at 09:50:54AM -0400, Chris Snyder wrote:
> Is anybody on the list using mod_security? Thoughts? Performance?
> http://www.modsecurity.org

Interesting.  I just took a look at the site.  The documentation, which
is
unfortunately only in pdf, could provide better detail on how the thing
operates.

Sanitizing and validating input is so very important, and by the number
of
items showing up on bugtraq, is too often overlooked.  My Form Solution
class, http://www.analysisandsolutions.com/software/form/, helps with
that
a bit.


> In the latest version you can
> apparently chroot the environment in which scripts are run:
> http://www.modsecurity.org/documentation/apache-internal-chroot.html

It sounds like they're talking about chrooting Apache itself via this
module, without having to rely on chrooting via the operating system.
But, what if their module or apache gets circumvented somehow?  Then the
attacker is home free.

Enjoy,

--Dan

--
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


--- Unsubscribe at http://nyphp.org/list/ ---






More information about the talk mailing list