From: Joshua Slive Date: Sat, 30 Nov 2002 02:35:08 +0000 (+0000) Subject: Note in the security docs that people should subscribe to the X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b3af75e3fae6a54e2a9ade998b2c3e86a1320c56;p=apache Note in the security docs that people should subscribe to the announcements list. PR: 14892 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97682 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/misc/security_tips.html.en b/docs/manual/misc/security_tips.html.en index 009edd9d81..3bdef8ed50 100644 --- a/docs/manual/misc/security_tips.html.en +++ b/docs/manual/misc/security_tips.html.en @@ -7,7 +7,26 @@ -->Security Tips - Apache HTTP Server
<-
Apache > HTTP Server > Documentation > Version 2.0 > Miscellaneous Documentation

Security Tips

Some hints and tips on security issues in setting up a web server. Some of the suggestions will be general, others specific to Apache.

-
top
top

Keep up to Date

+ +

The Apache HTTP Server has a good record for security and a + developer community highly concerned about security issues. But + it is inevitable that some problems -- small or large -- will be + discovered in software after it is released. For this reason, it + is crucial to keep aware of updates to the software. If you have + obtained your version of the HTTP Server directly from Apache, we + highly recommend you subscribe to the Apache + HTTP Server Announcements List where you can keep informed of + new releases and security updates. Similar services are available + from most third-party distributors of Apache software.

+ +

Of course, most times that a web server is compromised, it is + not because of problems in the HTTP Server code. Rather, it comes + from problems in add-on code, CGI scripts, or the underlying + Operating System. You must therefore stay aware of problems and + updates with all the software on your system.

+ +
top

Permissions on ServerRoot Directories

@@ -116,7 +135,7 @@

Allowing users to execute CGI scripts in any directory should only be - considered if;

+ considered if:

  • You trust your users not to write scripts which will deliberately diff --git a/docs/manual/misc/security_tips.xml b/docs/manual/misc/security_tips.xml index 0c6fcac83b..942674c229 100644 --- a/docs/manual/misc/security_tips.xml +++ b/docs/manual/misc/security_tips.xml @@ -13,6 +13,28 @@ Some of the suggestions will be general, others specific to Apache.

    +
    Keep up to Date + +

    The Apache HTTP Server has a good record for security and a + developer community highly concerned about security issues. But + it is inevitable that some problems -- small or large -- will be + discovered in software after it is released. For this reason, it + is crucial to keep aware of updates to the software. If you have + obtained your version of the HTTP Server directly from Apache, we + highly recommend you subscribe to the Apache + HTTP Server Announcements List where you can keep informed of + new releases and security updates. Similar services are available + from most third-party distributors of Apache software.

    + +

    Of course, most times that a web server is compromised, it is + not because of problems in the HTTP Server code. Rather, it comes + from problems in add-on code, CGI scripts, or the underlying + Operating System. You must therefore stay aware of problems and + updates with all the software on your system.

    + +
    +
    Permissions on ServerRoot Directories @@ -131,7 +153,7 @@ Non Script Aliased CGI

    Allowing users to execute CGI scripts in any directory should only be - considered if;

    + considered if:

    • You trust your users not to write scripts which will deliberately