An worm that exploits the recent OpenSSL
security issues was found in the
wild this week. This particular exploit
looks for Apache servers
running a vulnerable version of OpenSSL
and uses compromised hosts to
find others, in turn building a large platform for distributed
denial-of-service attacks. Patched versions of OpenSSL have been
available from the OpenSSL group and from OS vendors for some time so if
you've been putting off upgrading you ought to do it now - you may already
be too late.
The Apache 2.0 CVS tree has been tagged in preparation for a 2.0.41
release; as usual the live server at apache.org has been updated to
run the new code, and no new problems have been found as of yet.
The changes in the new release include many improvements and
fixes to the 2.0 caching modules, and several performance fixes. The
stylesheets used to produce the HTML documentation have been updated to give a
greatly improved presentation, which can already be viewed on-line.
The usually good relationship between Covalent and the Apache Software
Foundation showed signs of strain this week after a proposal was made
by Covalent developer Jon Travis to donate code to the ASF. Covalent
were offering an HTML parser dubbed "El-Kabong" which they had found
useful in writing Apache 2.0 filters which modify HTML content. After
two weeks passed with no decision by the ASF on whether or not (and how) to accept the
"El-Kabong" code, the discussion began to turn sour, as the ASF
offered to accept the code donation but without giving CVS commit
access to Jon. The negotiations broke down at that point, and Jon
decided to host the "El-Kabong" code at SourceForge instead.
mod_python was donated to the Apache
Software Foundation earlier this week. mod_python
does for Python what mod_perl did for Perl: it embeds
a Python interpreter in the server allowing modules to be written in
Python. mod_python is currently stable on Apache 1.3 and
beta on Apache 2.0. It is hoped that its adoption by the ASF will
encourage wider adoption and hasten a stable
mod_python for Apache 2.0.
According to the August surveys from
mod_perl is now installed on just over 36% of
Apache sites surveyed, thats up by 20% in one month. Meanwhile use of
PHP has slipped a few percentage points, now down to just over 38% of sites.
Will mod_perl overtake PHP next month?
In this section we highlight some of the articles on the web that are of
interest to Apache users.
"Securing dynamic Web content"
shows you how to secure dynamic content on an Apache Web server
version 1.3. It covers common security risks encountered when
implementing CGI (Common Gateway Interface) applications and
SSI (Server Side Includes) web pages, and includes two popular CGI
wrappers namely suEXEC and CGIWrap.
The Developer Shed continues with the second
("Designing For Simplicity")
("Coding To A Plan")
installments of the series on Web applications entitled "The Art Of
Software Development". Part II walks you through the steps of
designing the architecture of your application from the user
requirements you have obtained from Part I. The deliverables from
this phase are a project implementation plan, a software design
document, a user interface design document, an acceptance test
plan, and also a user interface prototype. Part III zooms in on the
coding by providing some common techniques and approaches such
as setting up naming conventions and coding standards before you
begin, ensuring that the programs are modular, using a version
control system, developing the Web application in a portable and
maintainable fashion, and having frequent code inspections and
For those who still can't make up their mind whether or not to buy
"Professional Apache 2.0" after reading
our review, you
may be interested to read another
of the book. It is written by Robert Nagle and hosted on the Idiotprogrammer website.
We don't do this very often, but we've a favour to ask. Apache
Week is produced by Red Hat and we're extremely grateful to get the
weight of Red Hat resources behind us whilst still being able to
remain independent. Anyway, Red Hat are doing a survey of what people
think about Red Hat and the brand. We'd love to get your
views on Red Hat so we've set up a version of the survey
just for Apache Week readers - all responses are anonymous.
Take the brand survey