> -----Original Message-----
> From: Ged Haywood [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 16, 2002 1:49 PM
> To: Joerg Plate
> Cc: [EMAIL PROTECTED]
> Subject: Re: evil scripts kill the server...
>
>
> Hi there,
>
> On Wed, 16 Oct 2002, Joerg Plate wrote:
>
> > >> Is it true that you can kill the whole server, not just the
> > >> script if you do something wrong with mod_perl?
> >
> > > Yes, I'm afraid it is.
> >
> > How?
>
> For example by swallowing all the memory, by consuming all the CPU,
> and of course by making root access available to the world through
> careless programming practice...
>
> Need I continue?
>
Yes, you should. You are making it sound like these problems are unique to mod_perl when they are not. While you allude to the real cause of many server problems - careless programming practice - you leave it open like mod_perl somehow intrinsically fosters careless programming or, even worse, that it is inherently not secure. Like any web server, a poorly configured and poorly programmed mod_perl-enabled server is prone to failure. Of course some could say that a poorly configed/programmed mod_perl/apache server is better than a well configed/programmed server of another brand.

The original poster should know that any server can fail under the proper circumstances and that while technically the rumors are true (and are they really rumors? I don't think there is some hidden agenda in the mod_perl/apache community to hide server security issues) it is also just as true that a problem in a mod_perl script is not going to cause the server to fail completely. And all of that is true with any brand of server.

That is why you should have a development server to work on new code on, a QC server to test newly released code, and a production server (or servers) for code you have tested and are sure is ready for "prime-time." And again, that is not true only for mod_perl/apache, but is true for all webservers regardless of brand name.