[Zope] RedHat Secure Web Server 3.1 & Zope 2.1 & MySQL

Michel Pelletier michel@digicool.com
Mon, 6 Dec 1999 12:51:45 -0500


> -----Original Message-----
> From: CURTIS David [mailto:David.Curtis@state.or.us]
> Sent: Monday, December 06, 1999 11:32 AM
> To: Zope@zope.org
> Subject: [Zope] RedHat Secure Web Server 3.1 & Zope 2.1 & MySQL
> Sensitivity: Personal
> 
> 
> Hi,
> 
> My Web site got hacked.  I was told that RedHat Secure Web 
> Server  3.1 can prevent certain types of attacks.  Does Zope 
> run on Secure Web Server 3.1?  I was running Apache and Zope 
> (ZAP) together before.  Not knowing exactly the method of my 
> server's breach makes it hard to prevent further attacks but 
> what is best way to prevent such problems again?

As far as I know, RH Secure Server is just Apache plus SSL.  It isn't in
any way more 'secure' than plain vanilla Apache, it can just use strong
encryption on your data.  If there is an apache exploit that exists but
is not yet fixed (say, a buffer overflow) it probably exists in RH's
Secure server also.

Also, since you say you don't know the nature of the hack, it could be
completely unrelated to Apache or Zope.

There are gobs and gobs of online security references.  Start with the
XDP (http://www.linuxdoc.org/)

-Michel