Support for Apache 2.0 on IBM's iSeries platform was
under discussion this week, after some initial patches for a port were
sent in by a contributor. It has been known since
August this year that IBM have
successfully ported 2.0 to this platform - although little code has
been submitted back in this area so far, developers from IBM pledged
that they will work on it.
Binary packages are starting to be made available for the
2.0.28 beta release announced last week, in RPM, Debian and
FreeBSD port formats. There was some discussion between the package
maintainers on how to choose consistent locations for configuration
files.
In other news: a new look for the httpd.apache.org Apache
developers' site went live this week; this was implemented using the
Anakia
XML transformation language. New committer Brian Pane made his first
checkins to the 2.0 tree this week, with several more performance
optimisations.
Confused about Apache vulnerabilities? It seems the media are, as we've
been sent links to several stories over the last month that have
directly compared vulnerabilities
in Apache to those found in IIS. There is no single place you can
get a list of all Apache vulnerabilities, so we have
compiled our own. The list shows
security vulnerabilities found in Apache 1.3 and is based on notifications and
descriptions we've published in earlier issues, cross-referenced to the
Apache CHANGES file and the
CVE dictionary.
The result is an Overview of security vulnerabilities in Apache httpd 1.3.
In summary, there have been a number of bugs that let you get access to directory
listings of files in your document root, a few bugs that could help
denial of service attacks, and a few bugs that could let remote attackers view
any file on the server. Fortunately these latter bugs require specific Apache
configurations and don't affect default server installations. Contrast
the Apache vulnerabilities to those in other servers such as IIS, where remote
attackers can gain complete control of a vulnerable machine.
In this section we highlight some of the articles on the web that are of
interest to Apache users.
"Avoiding
security holes when developing an application - Part 6: CGI
scripts" explores a few examples of poorly written Perl scripts
which are vulnerable to security compromises. Before delving into
the code, it gives an overview of how a web server works and
explains server-side includes (SSIs) for Apache. Perl
developers are advised to use the "warning" option, "taint mode"
option, and to specify "use strict" at the beginning of their Perl
scripts.
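To show what those three safeguards do in practice, here is a small CGI script added for this column (it is not code from the article): it runs under -w and -T with "use strict", and demonstrates how taint mode forces request input through an explicit allow-list before it can be used in a file open. The CGI module and the data directory /var/www/data are assumptions made for the example.

```perl
#!/usr/bin/perl -wT
# Added example, not from the article summarised above.
# -w enables warnings, -T enables taint mode, "use strict" catches
# undeclared variables and symbolic references.
use strict;
use CGI;   # assumed available; any request parser would do

# Taint mode refuses to run external commands unless PATH and a few
# other environment variables are set to trusted values first.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $q = CGI->new;
print $q->header('text/plain');

# Anything that came from the request is tainted. Passing it straight
# to open(), system(), eval or backticks dies with
# "Insecure dependency in open while running with -T switch".
my $raw = $q->param('file');
$raw = '' unless defined $raw;

# The only way to untaint is to match against a pattern and keep the
# captured part. The pattern is an allow-list: a plain basename that
# starts with a letter, digit or underscore, so "..", ".htaccess" and
# anything containing "/" are rejected before the file system is touched.
my ($name) = ($raw =~ /^([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})$/)
    or do { print "Bad file name\n"; exit 0 };

# $name is now untainted; the directory is a fixed constant (assumed).
my $dir = '/var/www/data';
open(my $fh, '<', "$dir/$name")
    or do { print "No such file\n"; exit 0 };
print while <$fh>;
close $fh;
```

Removing the `-T` from the first line makes the same script accept `../../etc/passwd` silently, which is exactly the class of CGI bug the article walks through.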
WebmasterBase.com reprinted
"Chapter
15: Accessing PostgreSQL from PHP" of "Beginning Databases with
PostgreSQL" (Wrox Press, 2001) by permission.
This excerpt covers enabling PostgreSQL support
in PHP 4, PHP functions for PostgreSQL, query manipulation,
resultsets, error handling, and the PEAR database abstraction
interface.
This basic
article talks briefly about how to ensure that your Sun
Crypto Accelerator Board 1 is working with Apache and mod_ssl.
It points out the differences between this card
and the Rainbow CS-200 card. Without going into any details about
the configuration, it just provides you with an idea of the things to
look out for when using this card.
We started a competition last week to give away ten unique
Apache
feather metal brooches. It seems that by making the question
harder than normal we scared away our entrants, under 140
correct answers so far; so at the moment the odds of winning
are better than 14:1!
For a chance to get your hands on this unique gift just
answer the following question (the news story linked from the
question might help).
In the UK series of books
the Mr Men, Mr Tickle was known for
A) impossibly long arms used for tickling people,
B) a nose that extends when he tells a lie, or
C) being grumpy
Send your answer (A, B, or C) to tickle@apacheweek.com to
reach us no later than 25th November 2001.
Your e-mail address
will not be used for anything other than to let you know if
you won. Ten winners will be drawn at random
from all correct entries
submitted, we disqualify people who make more than one entry,
no cash alternative, void where prohibited, items will be
sent from Australia so the recipient may be liable for
customs duty or VAT on import, winners will be asked to
choose which feather they wish to receive from
codes APAg, APAs, APAq, APAx, APSg, APSs,
APSq, APSx. Editors' decision is final.