Someone at work yesterday was trying to convince me that _any_ web server
is like an open invitation to hackers.. he was saying things like "just go
on the net and look, and you'll see ways to get a command line prompt
through any unix web server..."
I didn't tell him that I've probably looked on the web for a lot more
hacking stuff than he ever has, and I've never heard it was _that_ bad..
sure some servers have security holes, and sometimes hackers modify peoples
pages.. but.. this sounds a bit much..
Running two apache servers, though, this causes me a little concern..
Does anyone know offhand of any pointers to where I should look for
definitive answers on this? (apache security, any unix web server security,
especially the possibility of a command line prompt(!), and any other web
server security (which he seemed to think was as vulnerable as far as
keeping sensitive data behind it))
Thanks for your time.
-- Andrew Derry - derry@sfu.ca