I understand they replaced nginx with something different. But why a half-finished webserver that doesn't even support things like URL rewriting? For those who seek a secure webserver, but with features to properly support the modern website/framework/CMS, try the Hiawatha webserver [hiawatha-webserver.org].
Because most people do not need a server full of (holes?) features... They just need to serve a few pages. Everything else is in ports, even your precious Hiawatha...
No, most people want to run a simple PHP website (Wordpress, Drupal, etc). But since almost every modern CMS and framework requires at least a simple form of URL rewriting (rewrite every request for a non-existing file to /index.php), OpenBSD's httpd is a no-go.
I require mod_rewrite for more advanced caching, and shit, even for my SEO score.
Does this httpd have the amount of eyes and ears that apache2 or nginx do? I'll trust it after 4 years when people have had a chance to put it through the gauntlet.
by Anonymous Coward on Friday May 01, 2015 @08:56PM (#49598129)
Unlike other packages and OS's, Theo wants the most secure OS possible. In order to do that the default packages need to be as secure as possible. They moved to their own HTTPd to ensure that it's secure out-of-the-box.
You're missing a key point here. Just because other packages take 4 years to "harden" doesn't mean that younger packages are crap. The quality has nothing to do with age but everything to do with quality of design and ensuring that all 'i's are dotted and 't's are crossed.
The reasons for vulnerabilities are due to lazy programming or panic programming, where a feature needs to ship tomorrow and who cares how it's implemented. If done correctly, vulnerabilities can be eliminated. There are finite reasons for vulnerabilities; if proper practices are followed, processing data from the outside world will not cause security issues. There are unit tests that can ensure that cases are covered correctly.
For all we know the daemon has been run through attacks for a while now, possibly your 4 years, before being released.
Your high-horse comment simply shows that you're a shill, troll, or have no idea what OpenBSD stands for. I'd recommend you go back in your cave.