[E-Lang] defense in depth
David Wagner
daw@mozart.cs.berkeley.edu
25 Jan 2001 19:47:45 GMT
Jonathan S. Shapiro wrote:
>This is not a good test. Some of the functions in apache are inherently
>insecure. These should not be supported in a high-assurance environment,
>and compatibility be damned.
That's interesting. Yes, if the features are fundamentally
incompatible with security, they should be omitted from the
comparison. I agree.
I have to admit: Now I'm curious. Which features of Apache are
inherently insecure? Can you give any examples?