DevShed: Webserver Security (Part I) | Linux Today


Written by Kristian Köhntopp, Apr 20, 2000

[ Thanks to Randy Cosby for this link. ]

“If you examine the security problems reported with stolen
credit card numbers or web server defacements in the last few
months, it becomes obvious that many web applications have been
slapped together with little care or planning for security.
What are the most common problems leading to insecure
webservers and how does one avoid them? How can one as a customer
or end user recognize if a server fulfills the most elemental
security requirements?”

“An analysis of the reported security flaws shows that most
problems belong in one of three categories:

  • The server offers services to the public it was not intended to
    offer.
  • The server keeps supposedly private data in publicly accessible
    areas.
  • The server trusts data from untrustworthy sources.”

“Obviously many server operators have never had a look at their
machines from the outside, for example with a port scanner. If they
had, they would not be operating so many services on their machines
which have no place on a production server or which need not be
accessible from all IP addresses. One prominent example was
featured on the Heise newsticker. This particular server, a German
bookstore, was being operated completely without a firewall (“for
performance reasons”) and exported several filesystems via Sun
Network Filesystem world writeable. Their Oracle database was
connectable from everywhere, too. For increased convenience,
passwords for Oracle connections were stored in scripts available
from the exported network drives. Could this be your server? Have
you looked recently?”

Complete Story
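The excerpt's bookstore case (NFS filesystems exported world writeable) can be checked for on your own server. The following is an added example, not code from the DevShed article: it assumes Linux exports(5) syntax, and the sample file contents, host names and the `world_writable_exports` helper are constructed for illustration.

```python
import re

# Constructed sample in Linux exports(5) syntax (assumption; not from the article).
SAMPLE_EXPORTS = """\
/srv/www      *(rw,sync,no_root_squash)
/srv/images   192.0.2.0/24(rw,sync) *(ro)
/home         build.example.org (rw)   # stray space: "(rw)" is its own client
/srv/backup   backup.example.org(rw,sync)
/pub          (ro)
"""

CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^)]*)\))?$")
WORLD_HOSTS = {"", "*", "0.0.0.0/0", "::/0"}  # empty host = anonymous client


def is_writable(options):
    """Default is ro; when both ro and rw appear, this check assumes the last wins."""
    access = [o for o in options if o in ("ro", "rw")]
    return bool(access) and access[-1] == "rw"


def world_writable_exports(text):
    """Return (path, client_spec) pairs that grant rw to every host."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        defaults = []
        for spec in clients:
            if spec.startswith("-"):  # "-opt,opt" sets defaults for later clients
                defaults = spec[1:].split(",")
                continue
            m = CLIENT_RE.match(spec)
            if m is None:
                continue
            explicit = (m.group("opts") or "").split(",")
            if m.group("host") in WORLD_HOSTS and is_writable(defaults + explicit):
                findings.append((path, spec))
    return findings


if __name__ == "__main__":
    for path, spec in world_writable_exports(SAMPLE_EXPORTS):
        print(f"world-writable NFS export: {path} {spec}")
```

The `/home` line shows the failure that is easiest to miss: a space between the host and its options leaves the named host with defaults and hands `rw` to everyone.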
