So, my talk on securing Apache got scheduled for Wednesday, May 2nd. Now I’ll have to prepare it. Specifically, it’s about harnessing the security features of Apache itself and a Unix-family operating system to protect it from problems within Apache itself, but more importantly from bugs in applications (such as PHP scripts) running under Apache.
I got the idea when I reviewed the Apache security books (here). There were some things they cover very well, and others they didn’t. I found some of the latter rather disturbing, and put it on my to-do list to write an article or two on the subject.
Anyway, assuming the books represent “conventional wisdom” on the subject, I’ll introduce that, and then fill in those gaps. In the meantime, I’d better write those articles! Probably two of them between now and ApacheCon.