[Snort-users] PHP4 advisory... ACID?
Jason.Haar at ...294...
Mon Jan 22 15:36:29 EST 2001
On Mon, Jan 22, 2001 at 02:17:21PM +0000, Dave Ryan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> ACID has it own problems, as stated by the development team,
> "ACID is currently _alpha_. No real work has been done in validating any input. Therefore, exercise extreme caution in deploying this application to a public area."
> Personally I wouldnt run acid on any public facing interface, best to keep connections for a second interface onto a private switch with restricted internal acces.
A bit harsh - simply telling Apache to password-protect the ACID directory
and only run it over HTTPS should take care of most problems....
Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
More information about the Snort-users