The errata list is a list of errors and their corrections that were found after the product was released.
The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.
Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update
Version |
Location |
Description |
Submitted by |
Date submitted |
Printed |
Page 61-62
example code at top of page |
I'm using Apache 1.3.9 on Debian 2.2.
The example code is written thusly (but somewhat abbreviated):
(page 61)
NameVirtualHost 192.168.123.2
(page 62)
<VirtualHost www.butterthlies.com>
ServerName www.butterthlies.com
</VirtualHost>
<VirtualHost sales.butterthlies.com>
ServerName sales.butterthlies.com
</VirtualHost>
This example code caused Apache to treat ALL virtual hosts as if they were the
last entry, i.e., no matter what name is requested. Most browsers will get the
documents under the DocumentRoot of the very last VirtualHost block (I don't
know why, but w3m gets the right docs after about a 15 second timeout).
However, the technical description at the bottom of the page is correct.
NameVirtualHost gives the IP address, and when a name is requested, it will
search for VirtualHost blocks that match that IP address and also has the name
being requested.
Therefore, the correct example code should look something like this:
NameVirtualHost 192.168.123.2
<VirtualHost 192.168.123.2>
ServerName www.butterthlies.com
</VirtualHost>
<VirtualHost 192.168.123.2>
ServerName sales.butterthlies.com
</VirtualHost>
This new setup appears to allow all VirtualHosts to be served properly. I'm
using a system with only 2 virtual hosts.
|
Anonymous |
|
Printed |
Page 82
AddHandler example in 2nd para under "Script in DocumentRoot" |
Last line in the example reads:
AddHandler cgi-script cgi
According to the Apache website (http://httpd.apache.org/docs/mod/mod_mime.html#addhandler) this should
be:
AddHandler cgi-script .cgi
|
Anonymous |
|
Printed |
Page 87
Last paragraph |
States:
The next section returns the length of date to come:
This should be (data instead of date):
The next section returns the length of data to come:
|
Anonymous |
|
Printed |
Page 98-99
I am a little confused as to the purpose of the suEXEC example. If |
Peter has the ability to logon as root, then why bother writing a script to
flatten victim1 when he can just do it as root?
And if Peter can't logon as root, then there is no security flaw (as I
understand it).
|
Anonymous |
|
Printed |
Page 222-223
The possibility of using openssl is not touched upon. I was able to |
run all of the configuration commands using openssl-0.9.6. The make install
appears to put it in "/usr/local/ssl." You might want to consider this in the
third edition or as an update to the second edition. This I feel is not an
error but rather a change that should be evaluated.
|
Anonymous |
|
Printed |
Page 227
Third command example |
ssleay x509 -in new3.cert.csr -out new3.cert.csr -req signkey privkey.pem
is still not correct although it was changed once in the errata. I think
that the correct command is:
ssleay x509 -in new3.cert.csr -out new3.cert.cert -req -signkey privkey.pem
1. -out new3.cert.csr gets changed to new3.cert.cert
2. signkey should be -signkey
|
Anonymous |
|
Printed |
Page 333
In code echo2.c many instances of period used in non-ANSI C fashion, |
apparently not K&R either. struct.member is only ansi c use of period.
(According to K&R, at least).
word[x] = ' |