You probably see what I want to have pulled. #2

Closed
wants to merge 16 commits into
from

4 participants
Member

skinkie commented Oct 13, 2011

I still don't understand how I can exclude a single file from a pull request. But I leave the cherry picking to you.

skinkie added some commits Oct 13, 2011

@skinkie skinkie Implements iterating over multiple source destinations. Will not work in case of spanning interpreters.
bdaeaea
@skinkie skinkie Typo in Server String a329b42
@skinkie skinkie We don't use listener->server_string_ext so why keep it? c8be77e
@skinkie skinkie Implements/Ports; "Feature Request: Server Tokens" issue 438.
I took the liberty to port the proposed patch and extend its functionality beyond what is published to the outside. And including what is published to foreign scripts and proxy hosts. The point is obviously to be secure by default, the point of hiding it: make it a little bit harder to guess what is actually 'the default'.

http://code.google.com/p/cherokee/issues/detail?id=438
1d6ff06
Member

skinkie commented Oct 13, 2011

@alobbs we should not 'free' the socket or something like it?

alobbs commented on 1d6ff06 Oct 13, 2011

I do not like it. There are a whole lot of ways to identify the server, the token string is just the most obvious one, but there are many, MANY others.
In my opinion, trying to hide the Server is pointless and a lousy way to have a false sense of security. -1.

Owner

skinkie replied Oct 13, 2011

I think a few weeks ago on Slashdot I read an article that good security in addition to some obscurity gives the best results. I am not pro-using it at all, but then again a user requested it, created a patch and I am just following up and incorporating it in my tree. Will it hurt Cherokee: probably not; is it advice to run Cherokee like it: no.

http://news.slashdot.org/story/11/10/01/2034215/security-by-obscurity-a-new-theory

Thank you!

Will this be included in future releases? Like skinkie said, it is "Security by Obscurity" - but this is definitely no powerful argument to not implement this patch for major releases too ...

Kissaki commented Oct 13, 2011

Well, as an attacker trying to identify that’s the first thing I’d check for.
Identifying by other means is more work and may be less definitive (ambiguous with other servers/systems).
Of course it will not prevent identification but increase the work someone trying to identify it would have (or find sources providing info for that, how to do it).
I can see both sides here … Well, removing it certainly does not harm.

skinkie added some commits Oct 13, 2011

@skinkie skinkie Introducing rule filetime; this rule allows to match on access, creation or modification time changes. Originally written to be run on an OpenStreetMap tile server, together with handler_tile. This code also introduces the ability to have 'beta' modules, which are only enabled using --enable-beta. An open case to me if this is handled correctly in the admin. now.

http://code.google.com/p/cherokee/issues/detail?id=683
e7daa3d
@skinkie skinkie Implements handler_tile, to be used together with (a modified) form of renderd, allowing it to render meta tiles, but writing them out as single files.

Opposed to mod_tile which serves meta tiles, we might add this functionality later.

http://code.google.com/p/cherokee/issues/detail?id=683
4d1d238
@skinkie skinkie Implements handler_tile, to be used together with (a modified) form of renderd, allowing it to render meta tiles, but writing them out as single files.

Opposed to mod_tile which serves meta tiles, we might add this functionality later.

http://code.google.com/p/cherokee/issues/detail?id=683
d76faa4
@skinkie skinkie Merge branch 'master' of github.com:skinkie/webserver 0ceae65
@skinkie skinkie Implements handler_sphinx, a full-text search in the style of DBslayer, extensively used on openkvk.nl

TODO: configure.in needs some love to figure out where -lsphinxclient and sphinxclient.h is located, and the ability not to compile the handler.
TODO: we are currently not using a balancer scenario, but we might be able to do so.

http://code.google.com/p/cherokee/issues/detail?id=691
72dbee1
@skinkie skinkie Fixes the compilation if sphinxclient.h is not present. Basically just prevents handler_sphinx to be compiled at all, unless you know what you are doing. Hence change have_sphinxclient to yes.
ce54e81
@skinkie skinkie We had a newer version of handler_tile already running on OpenStreetMap.nl
4c9c671
@skinkie skinkie Implements the ability to use ${passwd} inside the SQL query in validator_mysql. Credits go to aaronh...@gmail.com.

http://code.google.com/p/cherokee/issues/detail?id=728
f61188f
@skinkie skinkie Partial Japanese translation provided by: lo...@hotmail.co.jp 61ac7f1
@skinkie skinkie Merge git://github.com/cherokee/webserver e471aa7
@skinkie skinkie Merge git://github.com/cherokee/webserver 4f17710
@skinkie skinkie Merge git://github.com/cherokee/webserver 4e28ff4
Member

skinkie commented Oct 16, 2011

I think you now have everything that actually matters :)

skinkie closed this Oct 16, 2011

Owner

alobbs commented Oct 17, 2011

Thanks Stefan! :-)

@skinkie skinkie pushed a commit that referenced this pull request Aug 6, 2012

@Dakunier Dakunier Merge pull request #2 from Dakunier/patch-3
Patch 3
634a43e