varnish security
Poul-Henning Kamp
phk at phk.freebsd.dk
Mon Jul 12 12:20:29 CEST 2010
In message <4C3AD9F6.8020307 at d6.com>, Chris Hecker writes:
>> I pressume you also bothered to read the vendor response ?
>
>Of course. I was just pointing out the related thread.
Uhm, no, you pointed to the message with the bogo-advisory and
I do not seem to be able to find any ensuing discussion from there ?
>Maybe a wiki page on varnish-cache.org on securing varnish would be
>useful here. It could contain the thing about the file permissions
>above, a short discussion of the CLI, etc. That would help, and
>couldn't hurt.
Yeah, our docs need work...
>The Husqvarna analogy is slightly flawed since most people can't run
>yum install husqvarna
>and have one magically appear at their feet, gassed and ready to go. :)
That argument would be much more convincing, if sites like this
did not exist:
http://www.baileysonline.com/search.asp?SKW=HVF%20390XP&catID=11443
Poul-Henning
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-misc
mailing list