[nycbug-talk] (no subject)

Jonathan Vanasco nycbug-list at 2xlp.com
Sat Jul 14 20:37:31 EDT 2007


On Jul 14, 2007, at 4:45 PM, Marc Spitzer wrote:
> Looks reasonable.  The only thing is you need to also have an
> application level firewall in the mix.  A proxy firewall to inspect
> all inbound http/s traffic for bad things,

that's always good.


> sql injection and out of bounds values (ie what happens when I
> order -3 TVs) come to mind.

that is really really bad.  it creates a false sense of security.   
it's a good thing to have, but your underlying webapp should be able  
to handle that ( ie, always use bind with sql, escape / validate  
input, etc ).  if you're an admin, and you do that to safeguard  
yourself against bad programmers -- great.   but if you're a  
programmer, you shouldn't know/expect any of that to exist.

that's just a sore spot for me.

On Jul 14, 2007, at 2:15 PM, Aleksandar Kacanski wrote:

> Through experience and lengthy troubleshooting sessions I am weary  
> of FW  and persistent connections and work around with  
> socket_keepalive properties. I am specifically referring to apache  
> and ajp proxy plugin but I saw a number of production issues with  
> real proxy servers and fw.

i don't know about the ajp proxy plugin.  apache + keepalive can  
create lots of issues though.

i do a lot of mod_perl programming, and keepalive can often jam the  
whole damn server, which makes me want to FOI)(@*#@#* break  
apache.   to combat that, i run nginx on port 80 and then proxy to  
apache when needed.  nginx can handle the keepalive requests without  
blocking, and a keepalive between apache & nginx makes stuff run even  
faster.


// Jonathan Vanasco

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|   CEO/Founder SyndiClick Networks
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|     Founder/CTO/CVO
|      FindMeOn.com - The cure for Multiple Web Personality Disorder
|      Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|      RoadSound.com - Tools For Bands, Stuff For Fans
|      Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
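
The point made in the message above (bind with SQL and validate input in the web app itself, whether or not a proxy firewall sits in front of it), shown as an added example that is not part of the original post. The table layout, the `MAX_QTY` limit and the function names are assumptions made for this sketch, and the data is constructed.

```python
import sqlite3

MAX_QTY = 100  # assumed per-order limit, chosen for this example


class OrderError(ValueError):
    """Raised when an order fails application-level validation."""


def make_db():
    # Constructed sample data: an in-memory shop with one product.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products "
                 "(id INTEGER PRIMARY KEY, name TEXT UNIQUE, stock INTEGER)")
    conn.execute("CREATE TABLE orders (product_id INTEGER, qty INTEGER)")
    conn.execute("INSERT INTO products (name, stock) VALUES (?, ?)", ("TV", 10))
    return conn


def parse_quantity(raw):
    # Validate in the application: a whole number between 1 and MAX_QTY.
    try:
        qty = int(str(raw).strip())
    except ValueError:
        raise OrderError("quantity must be a whole number")
    if not 1 <= qty <= MAX_QTY:
        raise OrderError("quantity out of range")
    return qty


def place_order(conn, product_name, raw_qty):
    qty = parse_quantity(raw_qty)
    # Bound parameter: product_name travels as data, never spliced into SQL.
    row = conn.execute("SELECT id, stock FROM products WHERE name = ?",
                       (product_name,)).fetchone()
    if row is None:
        raise OrderError("unknown product")
    product_id, stock = row
    if qty > stock:
        raise OrderError("not enough stock")
    with conn:  # commit both statements together, roll back on error
        conn.execute("UPDATE products SET stock = stock - ? WHERE id = ?",
                     (qty, product_id))
        conn.execute("INSERT INTO orders (product_id, qty) VALUES (?, ?)",
                     (product_id, qty))
    return stock - qty  # remaining stock
```

Every rejected request leaves both tables untouched, because validation runs before any write and the two writes share one transaction.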
