Re: apache security issue (with upstream new release)
On Sat, Nov 01, 2003 at 07:49:30PM -0500, Phillip Hofmeister wrote:
>
> If you are really looking for assurance than 'rm -rf /' would not affect
> your day because weekly full backups and nightly incremental should be
> made. If you don't have valid off system, perhaps off-site backups,
> then what kind of assurance do you really have?
Fixing bogus user apps and taking backups on regular basis are
two orthogonal approaches. I'm sure you remember the recent debate
about the meaning of `security'. The former is a preventive,
while the latter is a corrective measure.
Moreover, not only data manipulation can be performed by the means
of an exploited user app. For instance, sending funny faked emails
to your manager can be quite embarrassing just as well :)
bit,
adam
--
1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever
Reply to: