Apache Week
   
   Issue 247, 18th May 2001:  

Copyright 1996-2005
Red Hat, Inc.

In this issue


Under Development

The main topic of discussion this week has been the design of the scoreboard in Apache 2.0. The scoreboard in Apache stores the state of all processes in the server and allows the mod_status module to present an overview of the server status to the server administrator. In Apache 2.0, having the MPM abstraction means that the scoreboard needs to keep track of not only processes, but for threaded MPM's, the threads within each process as well. Paul Reder has proposed a redesign of the scoreboard to cope better with this new model.

Apache 1.3.20, which includes the security fix for Win32 and OS/2 platforms, was released for internal testing on Thursday, and should be released publicly in a few days. Because of perceived portability problems, the new version of the ApacheBench utility was not included in this release.

Graham Leggett has submitted a rewritten version of mod_headers for Apache 2.0 which operates as a filter. The new version is intended to allow adding headers to requests which are proxied to other servers as well as to adding headers to responses sent back to clients.


Apache status

Apache Site: httpd.apache.org
Release: 1.3.19 (Released 1st March 2001) (local download sites)
Beta: 2.0.17 (released 17th April 2001) (local download sites)

Apache 1.3.19 is the current stable release. Users of Apache 1.3.17 and earlier on Unix and Windows systems should upgrade to this version. Read the Guide to 1.3.19, the Guide to 1.3.17, the Guide to 1.3.14, the Guide to 1.3.12, the Guide to 1.3.11, and the Guide to 1.3.9 for information about changes between each revision since 1.3.6.

Security flaw found in Apache for Win32 and OS/2

A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A client submitting a carefully constructed URI could cause a General Protection Fault in a child process, bringing up a message box which would have to be cleared by the operator to resume operation. This vulnerability introduced no identified means to compromise the server other than introducing a possible denial of service.

A fix for this vulnerability is in Apache 1.3.20 which will be available in the next few days


Featured articles

In this section we highlight some of the articles on the web that are of interest to Apache users.

Jim Jagielski talks about using PHP with Java and on various Java-based application servers, such as Apache Tomcat server in "PHP and Java: Greater Than the Sum of Its Parts?". He lists the limitations of PHP as a true object-oriented language but concludes that PHP supports sufficient aspects of OOP to create applications in a full OOP framework. Then he walks us through the steps of building and configuring PHP with Java, including support for Java servlets, and creating methods on Java objects using PHP.

"Cracking The Vault" part 1 and part 2, guide you through the real life implementation of an electronic document management system using PHP and MySQL in the hope of realising a paperless office. Novice and intermediate programmers will learn about designing and building a Web-based application, and also PHP's session handling, file upload and database capabilities from these two articles.

Software Development magazine tackles the question of Is Open Source for You?" and comes up with four principles to determine the suitable projects for migrating to open source. Of all the free programs available, the Apache Web server, Linux, EGCS/GCS, Samba, Perl, MySQL, Xerces, Xalan, FOP and Cocoon are found to be particularly useful.


Comments or criticisms? Please email us at editors@apacheweek.com