[Snort-users] PHP4 advisory... ACID?

Jason Haar Jason.Haar at ...294...
Mon Jan 22 15:36:29 EST 2001


On Mon, Jan 22, 2001 at 02:17:21PM +0000, Dave Ryan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ACID has it own problems, as stated by the development team,
> 
> "ACID is currently _alpha_. No real work has been done in validating any input. Therefore, exercise extreme caution in deploying this application to a public area."
> 
> Personally I wouldnt run acid on any public facing interface, best to keep connections for a second interface onto a private switch with restricted internal acces.

A bit harsh - simply telling Apache to password-protect the ACID directory
and only run it over HTTPS should take care of most problems....


-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417




More information about the Snort-users mailing list