Re: default Apache configuration

To: Ralf Dreibrodt <ralf@dreibrodt.de>
Cc: debian-security@lists.debian.org
Subject: Re: default Apache configuration
From: Thomas Thurman <tjat2@thurman.org.uk>
Date: Tue, 12 Mar 2002 14:21:14 +0000 (GMT)
Message-id: <[🔎] Pine.LNX.4.21.0203121418330.26051-100000@pinkstuff.transformers.org.uk>
In-reply-to: <[🔎] 3C8E0C63.20AC508A@dreibrodt.de>

On Tue, 12 Mar 2002, Ralf Dreibrodt wrote:
> tail -n 1 /var/log/apache/access.log
> 127.0.0.1 - - [12/Mar/2002:13:53:15 +0100] "GET
> /cgi-bin/login.pl?user=admin&password=tztztz HTTP/1.1" 200 148
> 
> to whom belongs this problem?
> 
> the programmer, who used GET for a login or the sysadmin who shows every
> ordinary user the GET-request?

The programmer. There's no reason I know why the logs shouldn't be made
public to the users. (Though if security was _that_ important for whatever
it is that this password is for, it should be using apache-ssl, not
apache.)

> btw, i think the apache-paket is not useable for a webhosting-server
> (e.g frontpage is missing, security is in general too bad), so i normaly
> do not use it.

Meep. You said frontpage.
*hides*

T

Reply to:

Follow-Ups:
- Re: default Apache configuration
  - From: Ralf Dreibrodt <ralf@dreibrodt.de>

References:
- default Apache configuration
  - From: Ralf Dreibrodt <ralf@dreibrodt.de>

Prev by Date: default Apache configuration
Next by Date: Re: default Apache configuration
Previous by thread: default Apache configuration
Next by thread: Re: default Apache configuration
Index(es):
- Date
- Thread