search for: websecur

Today there was a posting by Stefano di Paola to the Web Security Mailing List, http://www.webappsec.org/lists/websecurity about "HTTP Parameter Pollution", with a reference to his and Luca Carettoni presentation at http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf The point is that different web servers/backends behave differently when handling requests such as GET /foo?par...

.../rsyncd.exclude I setup the /etc/rsyncd.exclude file to prevent transfering logs files or system specific files (SSL certificates or passphrase): - /logs/ - /conf/ssl* - /conf/passphrase Now, the mirror server pulls the apache module with the command: rsync -avz --delete --delete-during rsync://websecure@sunray/apache/ /usr/apache/ The daemon runs as nobody on the server, and as the /conf/passphrase file is excluded from transfer, it does not try to access it. If it tries, I would have a permissions error as it is readable by root only. But on the client side, I have to run as root to correctly s...