Guest
Posted: Tue Oct 08, 2002 11:13 pm Post subject: Security Issues
Hi All,
I'd like to run this server on my personal machine at home, but am a little worried about the security aspects. In particular, how easy is it for an accomplished hacker to be able to use a web server to retrieve other files from the web server machine.
For instance, if I put all my files in
c:\website\htdocs,
how likely is it that a knowledgeable user could retrieve files from outside this folder.
Regards,
Chris.

feamsr00
Joined: 04 Jun 2002 Posts: 138 Location: Phila PA
Posted: Thu Oct 10, 2002 5:14 am
I have had AWS as my web server since early this year. Out of all the things I have heard about it, I have only seen 1 security flaw. And that was "a coding issue" that Aprelium corrected just as fast, if not faster, than any other problem they find out about here. I have even subjected AWS to stress testing (usually initiated as a DOS attack). Other than machine instability when requesting an insanely high number of requests for CGI scripts, which I view as a machine/OS issue, the server appeared to the average user to simply keep working. There was a slight slowdown, although it seemed the server killed any connections that connect too many times, because on the same computer I started the attack on, I could not connect for about 30 seconds or so. However, I could still connect from the other machine. I did set the maximum connections to a high number, but the server still seemed to kill the attack.
The only issue that might be considered a hole is the console. First off, you can change the port to anything you want; that way you don't have to worry about scans. Second is the lack of logging, but Aprelium said that they would fix that in the next version, so that will soon be void.
I must say that Aprelium has made THE best personal webserver I have ever seen and I would recommend it to any medium volume personal site or low volume commercial site.

Guest
Posted: Thu Oct 10, 2002 5:24 am
btw the "coding issue" allowed a special URL to be passed that circumvented directory checking and retrieved the configuration file.
(I would have put this in the post but editing is off.....)

aprelium
Joined: 22 Mar 2002 Posts: 6800
Posted: Thu Oct 10, 2002 1:53 pm Post subject: Re: Security Issues
Guest wrote:
Hi All,
I'd like to run this server on my personal machine at home, but am a little worried about the security aspects. In particular, how easy is it for an accomplished hacker to be able to use a web server to retrieve other files from the web server machine.
For instance, if I put all my files in
c:\website\htdocs,
how likely is it that a knowledgeable user could retrieve files from outside this folder.
Regards,
Chris.
The web server is designed to serve only the files you told it to serve. Many major security and hacking groups are testing and trying to detect flaws in the server. But up to now, we have received only 2 reports from them and they were minor flaws that were immediately fixed.
_________________
Support Team
Aprelium - http://www.aprelium.com
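
The "directory checking" discussed in this thread, as an added illustration (not Aprelium's code and not part of any post): a document-root containment check that decodes the request path, normalizes Windows separators and refuses anything that resolves outside `c:\website\htdocs`. The function name and the sample requests are constructed for the example; the thread does not give the actual URL from the reported flaw.

```python
import ntpath  # Windows path rules, usable on any host OS
from urllib.parse import unquote

DOCROOT = r"c:\website\htdocs"  # the folder named in the question


def resolve_request(url_path, docroot=DOCROOT):
    """Map a request path to a file under docroot; return None to refuse it."""
    # Strip query string and fragment, then decode percent-escapes exactly once.
    path = unquote(url_path.split("?", 1)[0].split("#", 1)[0])
    if "\x00" in path:
        return None  # embedded NUL can truncate the name in lower layers
    # Windows accepts both separators, so fold them before any checking.
    rel = path.replace("/", "\\").lstrip("\\")
    if ":" in rel:
        return None  # drive letters (c:) and alternate data streams (file:stream)
    root = ntpath.normcase(ntpath.normpath(docroot))
    # Normalize AFTER joining so ".." segments are resolved against the root.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, rel)))
    # Compare against root plus a separator so "htdocs2" does not pass as "htdocs".
    if candidate != root and not candidate.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: two legitimate, four that must be refused.
    for req in ["/index.html", "/images/../index.html", "/../server.conf",
                "/%2e%2e%5c%2e%2e%5cserver.conf", "/c:/windows/win.ini",
                "/../htdocs2/page.html"]:
        print(f"{req!r:40} -> {resolve_request(req)}")
```

This is a string-level check only; a server also has to resolve links and short (8.3) file names on the real filesystem before trusting the result.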