Am 09.04.2014 13:53, schrieb Graham Leggett: > On 09 Apr 2014, at 1:48 PM, Reindl Harald <h.rei...@thelounge.net> wrote: >> after update openssl and re-new all certificates one question >> remains: in case of httpd-prefork would a attacker only have >> been able to compromise the private key and data of his >> worker-process or as well access the memory of other workers? > > In the case of prefork this wouldn't be true, no - they would only be able to > compromise the memory of that process only. They may be able to access > username/passwords from previous requests if they were still visible. > > In the case of the worker and event mpms, the memory of other workers could > be compromised, yes
thanks a lot - this makes my sleep so much better and i am happy to use httpd-prefork everywhere with all it's disadvantages in context of scalability
signature.asc
Description: OpenPGP digital signature
