-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 30 Nov 2005 10:03:14 +1100 Geoff Crompton <[EMAIL PROTECTED]> wrote:
> Is there any chance of configuring the awstats package so that by > default it sets up to run a regular cron job to build static html > files of the stats, rather than running as a cgi? That's my opinion as well. Just haven't yet taken time to implement that change. > We've seen several awstats vulnerabilities, and it is my opinion that > there are likely to be more found. While building static html files > doesn't exclude Debian users from all the risks, it does reduce the > exposure. Agree. > I know that there will always be people who want to run it as a cgi, > and I'm not suggesting you prevent that. But if you dropped a cronjob > in /etc/cron.hourly, which checked /etc/defaults/awstats for a > variable to decide if that cron job should actually do stuff (so it > could easily be turned off by an administrator), then that would be > good wouldn't it? Ahh - good idea. this perhaps also could please those in favor of a more complex cron job... - Jonas - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ - Enden er nær: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDjOXBn7DbMsAkQLgRAr6fAJwL7eagHRzWQCytSuFYikfddOXXjgCbB+8A j0/x4xvHSUWjOmrXIcU5jWI= =6E5b -----END PGP SIGNATURE-----