----- Original Message -----
From: "Michael T. Babcock" <[EMAIL PROTECTED]>
To: "Otto Goencz" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "Brian Steele" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Saturday, February 03, 2001 10:58 AM
Subject: Re: Configuration Arguments... In House...
> Otto Goencz wrote:
>
> > Every web server has
> > exploits, however, leaving the server unpached should be blamed on the
admin
> > not on the actual server.
>
> Shipping a webserver that requires that the OS have its files moved to
unknown
> locations to allow the webserver to be secure is silly.
The alternative is even worse, leaving the server vulnerable.
>
> The web server should not allow arbitrary execution of local objects in
the
> first place.
And that fact in itself will secure a web server, right?
Otto
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
