[Seaside] Deployment question: Anyone using modSecurity (or equiv) to ensure hackers keep out of Seaside?

Rick Flower rickf at ca-flower.com
Mon Feb 16 17:52:21 UTC 2009


On Mon, February 16, 2009 9:44 am, Randal L. Schwartz wrote:

> Since Seaside doesn't have any of the things listed at
> http://www.modsecurity.org/documentation/Securing_Web_Services_with_ModSecurity_2.0.pdf,
> namely:
>
>   Variable-length buffer injection
>   Meta character injection
>   SQL injection
>   SOAP fault code disclosure
>
> I'm not sure why you think modsecurity would help.

Well.. Without knowing what the internals of Seaside are doing (and I'm
frankly not that interested in knowing -- too many other things to do) or
how they're written, I couldn't answer those questions.. Hence my post to
the list.

Thank you for pointing out that Seaside is not vulnerable to any of
the exploits that are listed above.. That's good to know.

However, it does not solve my issue since I do have Apache installed and
will continue to have at least some PHP code for other things
(Squirrelmail, etc.) lying around.  Perhaps this is true for others as
well.. Regardless I guess it's good to be kept on your toes for this sort
of thing..

-- Rick





