Linux Today: Linux News On Internet Time.

eWeek: Apache avoids most security woes

Jul 24, 2001, 15:40 (11 Talkback[s])
(Other stories by Timothy Dyck)

eWeek offers a look at Apache's solid security record ( "the server's last serious problem (one where remote attackers could run arbitrary code on the server) was announced in January 1997") and examines the reasons behind its success. Open source, says the article, doesn't acount for as much as good design and a usable configuration process:

"...Why has Apache done so well and IIS fared so poorly?

Having published source code helps but isn't enough on its own-the widely used Berkeley Internet Name Domain Name server from Internet Software Consortium Corp. and Washington University's FTP server also have source code available, but both have poor security records.

Going over Apache's security advisories back to the server's Version 1.0 days shows that the secret-in addition to solid coding and scrutiny-lies in a minimalist design, careful attention to detail and a configuration process that makes it easy for administrators to know what's going on."

Complete Story

Related Stories: