Nginx security problem

Michael Shadle mike503 at gmail.com
Sun Dec 6 01:12:52 MSK 2009


On Sat, Dec 5, 2009 at 1:58 PM, Steve <steeeeeveee at gmx.net> wrote:

> Then Softlayer does not understand anything about security. Security is not a tool nor is it something you apply once and then forget about it. Security is a process. You need constantly to take care of it. Sometimes it is technical (hardware that can be installed, software that can be hardened, etc) and sometimes it is organizational (you have a check list to follow in case of security breach, you alert a security person in case of a security breach, you close your forum for X hours in case of a security breach/break, etc).

Actually, SoftLayer is quite security-focused. I am a customer and
have been quite happy with them.

They are doing the standard "fix your servers or we'll cut you off" -
they're not saying security is a "tool" - they're telling him that he
needs to hire someone they trust to fix his servers up as he does not
seem to be equipped to, or they will shut him off. It's not worth the
overhead they have to take on to have people who don't know how to
manage their own servers.

FYI: I run 0.8.x. I run the latest possible version Igor puts out
whenever I have time to update.

As someone once told me, "Igor's betas are more stable than most
people's stable versions" and I would have to agree. I've never run
into an issue or bug that had to do with a new version of nginx
because I happened to be running a "beta" - all of my issues are
mainly due to something lacking or needing more understanding on how
to work around a configuration limitation, etc.

Never something as stupid as "gzip + aliased locations doesn't work"
as another popular alternative webserver that flies light had broken
in it for over a year before it was fixed...


