Security Issues

 
Aprelium Forum Index -> General Questions
Guest
Posted: Tue Oct 08, 2002 11:13 pm    Post subject: Security Issues

Hi All,

I'd like to run this server on my personal machine at home, but am a little worried about the security aspects. In particular, how easy is it for an accomplished hacker to be able to use a web server to retrieve other files from the web server machine?

For instance, if I put all my files in
c:\website\htdocs,
how likely is it that a knowledgeable user could retrieve files from outside this folder?

Regards,
Chris.
feamsr00
Joined: 04 Jun 2002
Posts: 138
Location: Phila PA

Posted: Thu Oct 10, 2002 5:14 am

I have had AWS as my web server since early this year. Out of all the things I have heard about it, I have only seen 1 security flaw. And that was "a coding issue" that Aprelium corrected just as fast, if not faster, than any other problem they find out about here. I have even subjected AWS to stress testing (usually initiated as a DOS attack). Other than machine instability when sending an insanely high number of requests for CGI scripts, which I view as a machine/OS issue, the server appeared to the average user to simply keep working. There was a slight slowdown, although it seemed the server killed any connections that connect too many times, because on the same computer I started the attack on, I could not connect for about 30 seconds or so. However, I could still connect from the other machine. I did set the maximum connections to a high number, but the server still seemed to kill the attack.
The only issue that might be considered a hole is the console. First off, you can change the port to anything you want; that way you don't have to worry about scans. Second is the lack of logging, but Aprelium said that they would fix that in the next version, so that will soon be void.
I must say that Aprelium has made THE best personal webserver I have ever seen, and I would recommend it to any medium volume personal site or low volume commercial site.
Guest
Posted: Thu Oct 10, 2002 5:24 am

btw the "coding issue" allowed a special URL to be passed that circumvented directory checking and retrieved the configuration file.
(I would have put this in the post but editing is off.....)
aprelium
Joined: 22 Mar 2002
Posts: 6800

Posted: Thu Oct 10, 2002 1:53 pm    Post subject: Re: Security Issues

Guest wrote:
> Hi All,
>
> I'd like to run this server on my personal machine at home, but am a little worried about the security aspects. In particular, how easy is it for an accomplished hacker to be able to use a web server to retrieve other files from the web server machine?
>
> For instance, if I put all my files in
> c:\website\htdocs,
> how likely is it that a knowledgeable user could retrieve files from outside this folder?
>
> Regards,
> Chris.

The web server is designed to serve only the files you told it to serve. Many major security and hacking groups are testing and trying to detect flaws in the server. But up to now, we have received only 2 reports from them, and they were minor flaws that were immediately fixed.
_________________
Support Team
Aprelium - http://www.aprelium.com
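
Added example, not part of the original thread and not Aprelium's code: a sketch of the kind of document-root containment check the thread refers to as "directory checking", using the `c:\website\htdocs` folder from the question. The function name, the sample request paths and the refusal rules are assumptions made for illustration; the check is purely lexical and does not follow junctions or symbolic links.

```python
import ntpath  # Windows path rules, usable on any OS
from urllib.parse import unquote

DOC_ROOT = r"c:\website\htdocs"  # folder named in the question


def resolve_request(url_path, doc_root=DOC_ROOT):
    """Map a URL path to a file under doc_root; return None to refuse it."""
    # Drop the query string, then decode percent-escapes exactly once, before
    # any checking, so the check sees the string the file system will see.
    decoded = unquote(url_path.split("?", 1)[0])
    # A NUL byte or a leftover "%" (second layer of encoding) is refused
    # rather than guessed at. This is conservative: it also refuses a
    # legitimate file name that contains a literal "%".
    if "\x00" in decoded or "%" in decoded:
        return None
    # Windows accepts both separators, so treat them alike.
    parts = decoded.replace("\\", "/").split("/")
    segments = [s for s in parts if s not in ("", ".")]
    for seg in segments:
        # Refuse parent references, drive letters and alternate data streams
        # (":"), and names Windows would silently trim (trailing dot/space).
        if seg == ".." or ":" in seg or seg != seg.rstrip(". "):
            return None
    root = ntpath.normcase(ntpath.normpath(doc_root))
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, *segments)))
    # Final containment check on the normalized result, as a second layer.
    if candidate != root and not candidate.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths; "server.conf" is a placeholder file name.
    for path in ["/index.html", "/img/../../server.conf",
                 "/%2e%2e/%2e%2e/server.conf", "/..%5c..%5cserver.conf",
                 "/%252e%252e/server.conf", "/c:/windows/win.ini"]:
        print(f"{path!r:32} -> {resolve_request(path)}")
```

Only the first sample resolves to a file; the others are refused before any file is opened, which is also the point at which a server can log the request.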
All times are GMT + 1 Hour