[nycbug-talk] (no subject)
Jonathan Vanasco
nycbug-list at 2xlp.com
Sat Jul 14 20:37:31 EDT 2007
On Jul 14, 2007, at 4:45 PM, Marc Spitzer wrote:
> Looks reasonable. The only thing is you need to also have an
> application level firewall in the mix. A proxy firewall to inspect
> all inbound http/s traffic for bad things,
that's always good.
> sql injection and out of bounds values (ie what happens when I
> order -3 TVs) come to mind.
that is really really bad. it creates a false sense of security.
it's a good thing to have, but your underlying webapp should be able
to handle that ( ie, always use bind with sql, escape / validate
input, etc ). if you're an admin, and you do that to safeguard
yourself against bad programmers -- great. but if you're a
programmer, you shouldn't know/expect any of that to exist.
that's just a sore spot for me.
On Jul 14, 2007, at 2:15 PM, Aleksandar Kacanski wrote:
> Through experience and lengthy troubleshooting sessions I am weary
> of FW and persistent connections and work around with
> socket_keepalive properties. I am specifically referring to apache
> and ajp proxy plugin but I saw a number of production issues with
> real proxy servers and fw.
i don't know about the ajp proxy plugin. apache + keepalive can
create lots of issues though.
i do a lot of mod_perl programming, and keepalive can often jam the
whole damn server, which makes me want to FOI)(@*#@#* break
apache. to combat that, i run nginx on port 80 and then proxy to
apache when needed. nginx can handle the keepalive requests without
blocking, and a keepalive between apache & nginx makes stuff run even
faster.
// Jonathan Vanasco
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| CEO/Founder SyndiClick Networks
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Founder/CTO/CVO
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
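
The point in the message above about binding SQL values and validating input inside the application, whether or not a filtering proxy sits in front of it, shown as an added example that is not part of the original post. It uses Python with an in-memory SQLite database; the schema, the function names and the `MAX_QTY` limit are assumptions made up for illustration.

```python
import re
import sqlite3

MAX_QTY = 100  # assumed business limit, not from the original post


def make_db():
    """Constructed in-memory catalogue; table and column names are made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE products (name TEXT PRIMARY KEY, price_cents INTEGER);"
        "CREATE TABLE orders (product TEXT, qty INTEGER, total_cents INTEGER);"
        "INSERT INTO products VALUES ('tv', 49900), ('radio', 2500);"
    )
    return conn


def place_order_trusting(conn, product, qty):
    """'Before' form: assumes something upstream already filtered the request."""
    row = conn.execute(
        "SELECT price_cents FROM products WHERE name = '%s'" % product
    ).fetchone()
    total = row[0] * int(qty)  # qty "-3" becomes a negative charge
    conn.execute(
        "INSERT INTO orders VALUES ('%s', %d, %d)" % (product, int(qty), total)
    )
    return total


def place_order(conn, product, qty):
    """Hardened form: checks the quantity itself and binds every value."""
    text = str(qty)
    # ASCII digits only: rejects signs, decimals, whitespace and empty input.
    if not re.fullmatch(r"[0-9]{1,3}", text) or not 1 <= int(text) <= MAX_QTY:
        raise ValueError("quantity must be a whole number from 1 to %d" % MAX_QTY)
    qty = int(text)
    # Bound parameters are passed as data, never spliced into the SQL text.
    row = conn.execute(
        "SELECT price_cents FROM products WHERE name = ?", (product,)
    ).fetchone()
    if row is None:
        raise LookupError("unknown product")
    total = row[0] * qty
    conn.execute("INSERT INTO orders VALUES (?, ?, ?)", (product, qty, total))
    return total
```
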