Current time: 11-16-2024, 07:35 AM Hello There, Guest! (LoginRegister)


Post Reply 
Why is Awstats implemented? -> security risk
Author Message
monotek Offline
Junior Member
*

Posts: 65
Joined: Dec 2006
Reputation: 0
Post: #1
Why is Awstats implemented? -> security risk
Why is awstats implemented in upcoming omega release?
Imho thats a security risk. More than one time there was ugly bugs which could be used to compromise a server using awstats.

Sure Awstats looks nice but is webalizer not enough anyway?

Is awstats only optional or is it always used?
12-02-2006 05:50 AM
Find all posts by this user Quote this message in a reply
Shin Offline
Development Team - Junior
*****
Dev Team

Posts: 162
Joined: Oct 2006
Reputation: 0
Post: #2
RE: Why is Awstats implemented? -> security risk
You can disable it from the code, but it is better that webalizer
12-02-2006 06:20 AM
Visit this user's website Find all posts by this user Quote this message in a reply
monotek Offline
Junior Member
*

Posts: 65
Joined: Dec 2006
Reputation: 0
Post: #3
RE: Why is Awstats implemented? -> security risk
Yes ist is. And sometimes unsecure.
What do you mean with "You can disable it from the code"?
Will there be a config option to choose webalizer or awstats?
12-02-2006 06:23 AM
Find all posts by this user Quote this message in a reply
Shin Offline
Development Team - Junior
*****
Dev Team

Posts: 162
Joined: Oct 2006
Reputation: 0
Post: #4
RE: Why is Awstats implemented? -> security risk
no that you can modify the vhcs code for webalizer use
12-02-2006 06:32 AM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #5
RE: Why is Awstats implemented? -> security risk
later on we could think over adding modlogan support i.e.
12-02-2006 11:18 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Donni Offline
Junior Member
*

Posts: 21
Joined: Nov 2006
Reputation: 0
Post: #6
RE: Why is Awstats implemented? -> security risk
Why not integrate Awstats with static page generation? If you use it with this option all output pages are pure html pages and there should be no security risk. AFAIR there is a "awstats static howto" somewhere in the official forum.
12-05-2006 06:27 PM
Find all posts by this user Quote this message in a reply
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #7
RE: Why is Awstats implemented? -> security risk
Yes, there is, it's made by me ...
The trunk is only a WIP-Version, please be patient!
12-06-2006 04:36 AM
Visit this user's website Find all posts by this user Quote this message in a reply
monotek Offline
Junior Member
*

Posts: 65
Joined: Dec 2006
Reputation: 0
Post: #8
RE: Why is Awstats implemented? -> security risk
Is this changed to static genration yet?
03-16-2007 11:30 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #9
RE: Why is Awstats implemented? -> security risk
I dont think so - Integrate AwStats support is change in the Roadmap to Omega 1.0.0.
03-16-2007 11:40 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BioALIEN Offline
Public Relations Officer
*****
Dev Team

Posts: 620
Joined: Feb 2007
Reputation: 5
Post: #10
RE: Why is Awstats implemented? -> security risk
I prefer AWStats to Webalizer. I know more newbie sys admins will convert to VHCS Omega because of this fact Smile
03-17-2007 01:54 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 5 Guest(s)