Re: Secure nginx - Dave Cheney - ru.sysoev.nginx

4 messages in ru.sysoev.nginxRe: Secure nginx

From	Sent On	Attachments
Paul Greenwood	Feb 20, 2009 1:01 pm
Nuno Magalhães	Feb 20, 2009 2:14 pm
Merlin	Feb 20, 2009 3:51 pm
Dave Cheney	Feb 20, 2009 11:10 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: Secure nginx	Actions...
From:	Dave Cheney (da...@cheney.net)
Date:	Feb 20, 2009 11:10:04 pm
List:	ru.sysoev.nginx

Both of those attack vectors relate to web applications, not web servers. Nginx and apache do their part to make sure any data proxied through them to the web application is well formed. However it is the applications job, not the web servers, to make sure it behaves correctly in the presence of untrusted data.

Cheers

Dave

On 21/02/2009, at 8:01 AM, Paul Greenwood wrote:

Is there some specific parameters that are used to lock down nginx for example that might prevent sql injection or css attacks. I have read "Apache Security" and "Preventing Apache Web Attacks" but not quite sure how to apply that knowledge to nginx. I would appreciate any suggestions. Thanks

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: