In response to Jonathan Horne <[EMAIL PROTECTED]>: > i would really prefer awstats, but its been > in "command injection" limbo forever.
awstats isn't nearly as dangerous as the advisories make it out. The last few security problems only apply to systems where awstats is configured to allow you to updated the statistics from the web browser. This is not the default configuration on FreeBSD. Personally, I don't need "up to the minute" stats, so all the machines it runs on for me just update it from cron every night. In that configuration, it's not vulnerable to anything. I believe this has been the case with the last 2 or 3 security problems that have been announced for awstats. I'm not aware of any security issues if you have the web-update disabled. -- Bill Moran Collaborative Fusion Inc. _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"