On Fri, Dec 29, 2006 at 07:30:12AM +0100, Antoine Jacoutot wrote:
> pkg/DESCR
> Hiawatha is a secure webserver for Unix. It has been written with 'being
> secure' as its main goal. Hiawatha has many security features that no
> other webserver has.
> Hiawatha does not have all the fancy features, but it is very secure and
> fast and is really easy to configure. Rootjail, run CGIs under any
> uid/gid you want, prevention of SQL injection and cross-site scripting,
> banning of clients who try such exploits and many other features make
> Hiawatha an interesting webserver for those who need more security than
> what the other available webservers are offering.
>
> Tested under i386, sparc64 and macppc.
> comments? ok?

I'll try to give it a spin tomorrow, but I find it hard to reconcile the above with http://marc.theaimsgroup.com/?l=openbsd-ports&m=116722882621269&w=2 (Marc Espie (espie@) says he is 'shuddering about what a full scale audit would reveal').

Even if you disagree with Marc, wouldn't it be a good idea to have some warning somewhere - perhaps in a SECURITY file?

Joachim