You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Pravesh Rai <pr...@gmail.com> on 2011/06/27 14:42:09 UTC
[users@httpd] Exception thrown by Apache
Hi All,
In our case, whenever Apache (2.2.15) on Windows throws any exception
(Access Violation), it leaves the dump files at default Windows location.
The problem is that, the dump file is showing user credential in plain text.
So, would like to know, if there are any ways to avoid this type of exposure
of credential?
FYI, we are using Windows OS based authentication.
Thanks,
PK
Re: [users@httpd] Exception thrown by Apache
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 6/28/2011 7:23 AM, Igor Galić wrote:
>
>
> ----- Original Message -----
>> Hi All,
>>
>> In our case, whenever Apache (2.2.15) on Windows throws any exception
>> (Access Violation), it leaves the dump files at default Windows
>> location. The problem is that, the dump file is showing user
>> credential in plain text. So, would like to know, if there are any
>> ways to avoid this type of exposure of credential?
>
> You could disable dumps.. or you could track down the access
> violation and fix it. Maybe a newer version - 2.2.19 is the current
> stable - will already do the trick?
Well, that would be the sensible solution.
Dumps themselves can always be redirected, that's just a matter of
running drwtsn32 and changing the target path or disabling them
altogether.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Exception thrown by Apache
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> Hi All,
>
> In our case, whenever Apache (2.2.15) on Windows throws any exception
> (Access Violation), it leaves the dump files at default Windows
> location. The problem is that, the dump file is showing user
> credential in plain text. So, would like to know, if there are any
> ways to avoid this type of exposure of credential?
You could disable dumps.. or you could track down the access
violation and fix it. Maybe a newer version - 2.2.19 is the current
stable - will already do the trick?
> FYI, we are using Windows OS based authentication.
NTML? NTLM? SSPI? Kerberos?
> Thanks,
> PK
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org