Excerpts from Programação-Fabrício's message of 2013-02-18 12:10:44 -0800: > I was thinking if I install the varnish in a SERVER X and host my files in > another server SERVER Y, will I have more security? or it not make sense. > I have so many problem with malwares in wordpress.
Wordpress has lots of issues because the people writing Wordpress plugins are usually not terribly educated in web security. Varnish, otoh, has very smart and experienced people working on it. It's also naturally less vulnerable due to the kinds of things it does - SQL injection and XSS (by far the two most common web vulnerabilities) just don't apply. Varnish is only pulling minimal information out of requests, and don't execute them directly or any such nonsense. Separating out services will always lead to some additional level of security (after all, someone *could* find a bug in Varnish that leads to arbitrary code execution), but I wouldn't (and don't) worry about it. - P _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
