Date: Wed, 2 Aug 2006 08:10:01 -0400 From: Bill Moran <wmoran@collaborativefusion.com> To: Jonathan Horne <freebsd@dfwlp.com> Cc: freebsd-questions@freebsd.org Subject: Re: a good web statistics port? Message-ID: <20060802081001.afef1b9c.wmoran@collaborativefusion.com> In-Reply-To: <200608012048.48630.freebsd@dfwlp.com> References: <200608012048.48630.freebsd@dfwlp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to Jonathan Horne <freebsd@dfwlp.com>: > i would really prefer awstats, but its been > in "command injection" limbo forever. awstats isn't nearly as dangerous as the advisories make it out. The last few security problems only apply to systems where awstats is configured to allow you to updated the statistics from the web browser. This is not the default configuration on FreeBSD. Personally, I don't need "up to the minute" stats, so all the machines it runs on for me just update it from cron every night. In that configuration, it's not vulnerable to anything. I believe this has been the case with the last 2 or 3 security problems that have been announced for awstats. I'm not aware of any security issues if you have the web-update disabled. -- Bill Moran Collaborative Fusion Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060802081001.afef1b9c.wmoran>