"César Leonardo Blum Silveira" <cesarbs@xxxxxxxxx> writes: [...] > So, my question is: how safe is it to let the other interface listen, > even if it will not respond correctly to any request? What is the > potential for security vulnerabilities in the 8080 port of the other > interface? There actual threat from doing this is very small if both IP addresses are publicly accessible. Connecting to an address with no site configured for it will probably exercise a different code path than connecting to an address with a site, but it's likely to be small and not very risky. However, if your Web server is not public, or you are doing any kind of IP address-based access control (perhaps at a firewall), you would want to be careful to ensure that the same access rules applied to both of your IP addresses. Any public Web server represents some risk, and if that alternate IP address bypasses your access control and makes your otherwise private Web server public, it could be a bit risky. Bottom line: It's probably very slighly safer to avoid listening on that IP address at all, but only very slightly. Hope this helps, ----Scott. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|