OT: Apache Version Used

Cyber Source peter at thecybersource.com
Tue Dec 21 08:47:58 EST 2004


You should heed Brad's advice. I only know Brad briefly but he made a 
really nice presentation once at an nflug meeting and does have a lot of 
knowledge when it comes to security. However, I don't think you should 
make your decision based on the thinking that you're safer staying 
with older software (obscurity = security). Software would never advance 
like that and updates are for fixing, amongst other things, security 
holes, bugs, etc. Apache should also not be blamed for what it has no 
control over, like the php packages on your system. I know this from 
experience as the php packages that came with RH9 rpms were badly 
broken because I was working with the developer for FreeMED and he 
developed his (php) FreeMED package on a debian box (different php, same 
versioning but compiled differently with the rpms). So we tried just 
putting his FreeMED package on a FC1 box (same Apache version) and all 
was well. Before I got into RH and FC, I had a Mandrake server get 
hacked because I didn't keep the packages up to date and one of the 
packages had a security hole.
So, I would advise to stay current and edit your /etc/aliases file to 
put a real email address for your root mail on the box (don't forget to 
start sendmail or equiv.) and keep an eye on your logs.

Timothy Domst wrote:

> So since I am planning on a rudimentary server and I have that manual 
> I should just use 1.3 until I have a reason to do otherwise.
>
> On Dec 20, 2004, at 10:03 PM, Brad Bartram wrote:
>
>> Ahh - the old 1 vs 2 debate. ;-)
>>
>> What you use should depend largely on what you are using the server for. If
>> you are using the server for php or pretty much most of the interpreted
>> languages like php, the answer is a resounding 1.3. Apache 2 and php should
>> not be used in a production or live environment due to the security and
>> stability issues that are raised.
>>
>> If you are using Apache with an external interpreter such as Tomcat or the
>> like, then using Apache 2 is the hands down winner.
>>
>> The reason for the difference is really the same - threads. Apache 2 can use
>> a threaded operation that makes it perfect for a multithreaded application
>> like tomcat but inherently unsafe for php.
>>
>> Just my $.02
>>
>> And to stay on topic - I use apache as I outlined above. In the rare instance
>> I need both Tomcat and php support, I either divide the load using
>> redirection and forwarding or if I need it all on one server I sacrifice
>> Tomcat / apache performance and use 1.3 series.
>>
>> brad
>>
>> On Monday 20 December 2004 9:22 pm, Timothy Domst wrote:
>>
>>> Have you ever used 2? Does 1 give you any problems?
>>>
>>> On Dec 20, 2004, at 6:01 PM, Joshua Ronne Altemoos wrote:
>>>
>>>> I use 1.3 because that is the default for slack10 which is on my server
>>>>
>>>>
>>>> On Mon, 20 Dec 2004 17:35:24 -0500, Timothy Domst
>>>>
>>>> <timothy.domst at verizon.net> wrote:
>>>>
>>>>> I have SuSE 9.1 installed and it has Apache 2 on it, but I messed up
>>>>> the settings or something. I have a book about Apache 1, and I had it
>>>>> working well before when I had 9.0. Should I just install Apache 1 and
>>>>> forget about 2? I would like to know what people with home servers use.
>>>>>
>>>>> Someone posted a link to Novell a while ago that got people on a list
>>>>> for their Linux Technical Resource Kit. I'd like to thank them because
>>>>> I got one and it's conveniently got a bootable SuSE 9.1 DVD on it. The
>>>>> other stuff is on .iso files, though, and I tried to make bootable CDs
>>>>> out of them but I couldn't. How do I install these files?
>>>>
>>>>
>>>> -- 
>>>> Have A Good Day,
>>>> Joshua Ronne Altemoos
>>>> joshua.altemoos at gmail.com
>>>
>>
