[E-Lang] defense in depth

David Wagner daw@mozart.cs.berkeley.edu
25 Jan 2001 19:47:45 GMT

Jonathan S. Shapiro wrote:
>This is not a good test. Some of the functions in apache are inherently
>insecure. These should not be supported in a high-assurance environment,
>and compatibility be damned.

That's interesting.  Yes, if the features are fundamentally
incompatible with security, they should be omitted from the
comparison.  I agree.

I have to admit: Now I'm curious.  Which features of Apache are
inherently insecure?  Can you give any examples?