Re: full disclosure, or not?

To: debian security <debian-security@lists.debian.org>
Subject: Re: full disclosure, or not?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 28 Jun 2004 07:37:07 +0200
Message-id: <[🔎] 87fz8gkzuk.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20040627203833.GB4404@cirrus.madduck.net> (martin f. krafft's message of "Sun, 27 Jun 2004 22:38:33 +0200")
References: <[🔎] 20040626123902.GA4616@cirrus.madduck.net> <[🔎] 20040626195501.GA6416@home> <[🔎] 20040627114345.GF1074@cirrus.madduck.net> <[🔎] 40DEE6A1.7050107@hot.rr.com> <[🔎] 20040627203833.GB4404@cirrus.madduck.net>

* martin f. krafft:

> How does a firewall help? If the mission-critical server needs to
> provide HTTP access, the firewall will have port 80 open.

There are gateways which can filter at the HTTP level.  Most of them
don't have fewer security bugs than Apache, but they often help
against cross-site scripting and SQL injection attacks against
applications running on that web server.

Reply to:

References:
- full disclosure, or not?
  - From: martin f krafft <madduck@debian.org>
- Re: full disclosure, or not?
  - From: Horst Pflugstaedt <Pfaedt@uni-duisburg.de>
- Re: full disclosure, or not?
  - From: martin f krafft <madduck@debian.org>
- Re: full disclosure, or not?
  - From: Tucker Hermans <thermans@hot.rr.com>
- Re: full disclosure, or not?
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: full disclosure, or not?
Next by Date: Re: [bulletproof.net.au #29025] [Comment] [SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy
Previous by thread: Re: full disclosure, or not?
Next by thread: Re: full disclosure, or not?
Index(es):
- Date
- Thread