Hi, Some "user input" not validated = Software can get hacked.
So, if httpd developers don't want httpd to get hacked then they should validate all the "user inputs". All user inputs should be within a range (min - max). Number inputs can be validated easily but validating text input is tough. So, for text inputs, the length of the input should be limited, so that hackers don't take advantage of unlimited text input. For example, if the text input is an IPv6 address, then the length of the text input should be limited to 39 characters. The length limit itself will be able to successfully defend lots of hacking attempts (lots of SQL injection attacks can be avoided by placing a length limit on text inputs). After the length limit, if possible, the text input should be checked whether it is correct or not. Regards, Amit
