On Thu, Sep 24, 2009 at 10:42:58AM +0200, Joachim Schipper wrote:
| On Wed, Sep 23, 2009 at 08:09:53PM -0500, Matthew Young wrote:
| > Hello,
| >
| > The website of gotroot.com states for their apache1 rules: "Retired Rules
| > (No longer updated) "
| >
| >
| > The initial question prevails: Is this the best appoach? How secure are
| > these "old" rules?
|
| Adding mod_security shouldn't decrease your security; it only increases
| it if you have otherwise-insecure software installed, and you can only
| hope that it plugs all holes in that case.
Adding pieces of software means more code. More code generally means
more bugs. Maybe it's just me, but going by the name, "mod_security"
seems like a REALLY bad idea to me.
Paul 'WEiRD' de Weerd
(a module that adds security ? why not have security in the first
place ?)
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
