A patch was submitted last week which may be of interest to
server administrators looking to deploy Digest-based
authentication. As covered last
year, there is a bug in the Digest authentication code
in Microsoft Internet Explorer, causing requests which use a
query string to fail if under Digest protection. Paul Querna,
developer of the mod_authn_dbi
module, has developed a
BrowserMatch-based workaround for this
issue, relaxing the check to allow MSIE to authenticate
correctly without compromising security for other browsers.

Some patches have been committed recently to improve
mod_dav's performance and memory use when
generating PROPFIND responses. The code has been
changed to stream the responses straight to the client rather
than batching them up in memory.

Also this week, Jim Jagielski
proposed to begin the 1.3.28 release process, and there was a
hint that 2.0.47 might not be so far off.

The Apache Software Foundation held an annual members meeting
this week. The meeting was the first to take place virtually,
being held via IRC, and prompted a healthy turnout, with well over half
of the 89 ASF members attending.

A secret ballot was held to elect the new board
of directors of the ASF as well as to elect a number of new ASF
members. There were twelve nominations for directors, with nine
positions available, and for the first time the single
transferable vote mechanism was used to give a much fairer
vote.

All the previous directors were re-elected apart from Bill Stoddard,
who was replaced by Mark Cox. The new board
comprises Brian Behlendorf, Ken Coar, Mark Cox, Roy T. Fielding,
Dirk-Willem van Gulik, Jim Jagielski, Ben Laurie, Sam Ruby, and Greg
Stein.

In this section we highlight some of the articles on the web
that are of interest to Apache users.

Linux vendor Red Hat posted a short article about backporting
of security patches. It explains
why vendors don't always upgrade their distributions to the latest
software releases, using Apache as an example.

In this tutorial entitled
"Staying Out of Deep Water: Performance Testing Using HTTPD-Test's Flood",
Martin Brown shows us how to install, configure, and test
Flood - a profile-driven HTTP load tester. He provides three sets of
different settings for Flood to simulate the effect of requests for
news-style, shopping, and "Slashdotted" Web sites.

Two opposing book reviews on "Web
Hacking: Attacks and Defense" can be found at Help Net
Security and Linux
Gazette. A sample of
chapter 10 is available to be downloaded in PDF format.

You may also be interested to read a review on "Intrusion
Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache,
MySQL, PHP, and ACID".

If you do not know James,
"Working with James, Part 1"
and
"Part 2"
will get you on intimate terms with the Java Apache Mail
Enterprise Server in no time at all. The former introduces you to
James while the latter talks about building e-mail based
applications with matchers and mailets.