WebApp Sec mailing list archives

RE: htaccess with apache

From: Tim Greer <chatmaster () charter net>
Date: 11 Nov 2003 14:56:22 -0800

On Mon, 2003-11-10 at 10:35, Dinis Cruz wrote:

Very interesting thread, unfortunately I can't add my ideas and
suggestions since currently I'm more involved with Asp.Net and IIS
security.

But it seams to me that given the complexity of web application
deployment is it a certainty that configuration errors will occur (event
the most experiment and competent sysadmins make occasional mistakes).

I think that the best solution is to have tools that test the servers
security configuration (from the inside) and help those administrators
to fix the problems identified.

I created such tool for the IIS environment (Asp.Net Security Analyser),
and would be very interested to know if anybody as developed a similar
tool for the Linux/Apache environments.

Best regards


There's nothing predefined to test for or to determine the impact of it,
but it would certainly be fairly easy to take arguments and change the
values to see if it outputs or does what you want and maybe (maybe) get
an idea of how far it could go or if it's an issue.
-- 
Tim Greer <chatmaster () charter net>

Current thread:

Re: htaccess with apache, (continued)
- Re: htaccess with apache Vladimir Danilyuk (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Peter Conrad (Nov 04)
- Re: htaccess with apache Lucas Holt (Nov 04)
- Re: htaccess with apache Cameron Green (Nov 04)
- RE: htaccess with apache Anonymous Sender (Nov 04)
- RE: htaccess with apache Maxim Kostioukov (Nov 04)
- RE: htaccess with apache MTeixeira (Nov 05)
  - RE: htaccess with apache Tim Greer (Nov 05)
  - RE: htaccess with apache Dinis Cruz (Nov 11)
    - RE: htaccess with apache Tim Greer (Nov 11)