In response to Jonathan Horne <[EMAIL PROTECTED]>:

> i would really prefer awstats, but its been 
> in "command injection" limbo forever.

awstats isn't nearly as dangerous as the advisories make it out.  The
last few security problems only apply to systems where awstats is
configured to allow you to updated the statistics from the web browser.
This is not the default configuration on FreeBSD.  Personally, I don't
need "up to the minute" stats, so all the machines it runs on for me
just update it from cron every night.  In that configuration, it's not
vulnerable to anything.

I believe this has been the case with the last 2 or 3 security problems
that have been announced for awstats.  I'm not aware of any security
issues if you have the web-update disabled.

Bill Moran
Collaborative Fusion Inc.
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to