You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "David P. Donahue" <dd...@ccs.neu.edu> on 2004/10/05 16:48:14 UTC
[users@httpd] Security, 2.0.xx vs. 1.3.xx
I'm currently using Apache 1.3.31 for my web serving needs. It's never
really occurred to me to use the 2.0 series, as I've had plenty of luck
with the 1.3 series and I can't really find anything wrong with it.
But, just out of curiosity, is there a security benefit to using the 2.0
series? Features aren't really an issue, as I use it for pretty basic
stuff. But security is a definite concern. Is 2.0.52 "more secure"
than 1.3.31? If so, in what way?
Regards,
David P. Donahue
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Security, 2.0.xx vs. 1.3.xx
Posted by Jerry K <ap...@oryx.cc>.
I don't know that there are any specific security pluses to using 2.0.x over
1.3.x. At any given time, there may be a security issue with either of the
products, or even both. Its my opinion that the Apache people are pretty good
about getting security fixes out in a timely manner.
It has been my observation that the hold up for most people is "so and so"
module has not yet been ported to 2.0.x and that is what has been holding them
back. I do not yet require any modules that haven't been ported to 2.0.x and I
have deployed 2.0.x without issue in new servers that I build. The one "big"
module that many people indicated they had problems with early on with 2.0.x was
PHP. I believe that for the most part, those issues are resolved. At least I
am currently having no 2.0.x/PHP issues.
As far as why, moving to 2.0.x just seems obvious as this is where new
development is being done, just as probably one day, we will be making the move
to Apache httpd 3.x.
I would be curious to hear from anyone who is sticking with 1.3.x for reasons
other than your module hasn't been ported.
Jerry K
David P. Donahue wrote:
> I'm currently using Apache 1.3.31 for my web serving needs. It's never
> really occurred to me to use the 2.0 series, as I've had plenty of luck
> with the 1.3 series and I can't really find anything wrong with it.
> But, just out of curiosity, is there a security benefit to using the 2.0
> series? Features aren't really an issue, as I use it for pretty basic
> stuff. But security is a definite concern. Is 2.0.52 "more secure"
> than 1.3.31? If so, in what way?
>
>
> Regards,
> David P. Donahue
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Security, 2.0.xx vs. 1.3.xx
Posted by Joshua Slive <js...@gmail.com>.
On Tue, 5 Oct 2004 10:48:14 -0400, David P. Donahue
<dd...@ccs.neu.edu> wrote:
> I'm currently using Apache 1.3.31 for my web serving needs. It's never
> really occurred to me to use the 2.0 series, as I've had plenty of luck
> with the 1.3 series and I can't really find anything wrong with it.
> But, just out of curiosity, is there a security benefit to using the 2.0
> series? Features aren't really an issue, as I use it for pretty basic
> stuff. But security is a definite concern. Is 2.0.52 "more secure"
> than 1.3.31? If so, in what way?
There's no real answer to that question because:
1. Security means different things to different people; and
2. Even with a specific definition of security, there are no concrete metrics.
In general, I don't see either as being particularly more secure at
this point. If 1.3 does everything you need, then I wouldn't upgrade
for security reasons alone.
Joshua
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org