On Mon, Feb 03, 2003 at 11:16:25AM -0600, Hann, Brian wrote:
> I wish that was an option, but unfortunately it's not due to the extreme
> amount of applications we would have to test and we don't have the
> manpower or time for that.

of course, by posting to this list, you have just made any would-be trawler
who happens across this information aware that the bank you work for is 
running a deprecated and insecure web server on a production machine (that 
appears to have some sort of e-banking interface?) and have no intention to
fix it. even if your server is changerooted i'd imagine you'd still need to
access things like database auth credentials and ssl private keys. can you
really afford the man-hours of labour that would be generated if those 
were compromised?

> I actually think the REAL problem is some sort of spacing/whitespace
> issue in the conf file.  I'm going to test a few more things and then
> I'll post the results.

quite possibly. you could always go through three and a half years of 
changelogs to see if that particular bug was fixed.

.dorian
