Jacob Martinson wrote:
> i just read through the security section of the wiki.
> a few quick questions...
> - have there been any security related problems with the
> webware server
> itself in the past?
Yes; there was a potentially exploitable security issue in Webware 0.8 that
was addressed in Webware 0.8.1. See the Webware home page for details.
> - is it safe to assume that webware is largely invulnerable to buffer
> overrun exploits, similar to java, because memory allocation
> is handled
> automatically, or are there parts of webware written in C
> that could be
> problematic? i'm using webkit + mod_webkit in apache2.
mod_webkit is written in C, and could potentially have buffer overrun
issues. In fact, I seem to remember that old versions of mod_webkit (before
2003) did in fact have a buffer overrun issue.
I very much doubt that either of these bugs was ever exploited.