Shellshock Vulnerability CVE-2014-6271

The Bash Shell have a new exploit named shellshock. From Thursday 25 september 2014, Bash have a bug that realy make everybody paranoid. The exploit is CVE-2014-6271 which enable the attacker to run any code even without authenticating to the server, especially with DHCP services. Stephane Chazelas discoverd this vulnerability in bash, related with the how the environment variables are processed by bash and this affect many of the linux / unix system which by default utilize bash shell. This affect Bash released 20years ago back to version 1.3 Lucky for me, i am in the BSD bandwagon, which by default not using Bash, but using tcsh or csh,...

Read More

Control Cache directive for Web Server

When dealing with a Web application, the web server is our gateway to the application server. The best practice to separate the load between application code and static files are the task of the web server. This to make sure the application server just handle the thing they good of, the application.  Let the burden to handle the serving of static files be lifted from the application server. Have mercy for the application server. So the best practice is the static files handled by web server directly, and the application generated content goes to the application server. Now the load already separated. Now to get more of your application...

Read More