logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: c2 security on apache? (or mysql?)
Author
bryanr



Joined: 30 May 2008
Posts: 1

PostPosted: Fri 30 May '08 23:47    Post subject: c2 security on apache? (or mysql?) Reply with quote

Hello,

This is my first post here Very Happy

I was wondering if any of you knew. Does apache pass c2 security checks?

Reason being, I work for a large company that refuses to install any software on their servers that does not have c2 security. I want to make them a website, however I need apache server and mysql installed on their server first.
Back to top
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

PostPosted: Sat 31 May '08 15:38    Post subject: Reply with quote

The short answer is "no" - neither Apache nor MySQL was on the (now discontinued) U.S. Department of Defense "Evaluated Product List" at any level.
The C2 level refers to this old set of standards known as the Rainbow Series from 1985.

Neither Apache nor MySQL is on its 21st-century international successor - the "CCEVS Validated Products List" which uses different rating levels.

It is unlikely that you will ever find an open-source web server certified to this kind of standard. Also, no open-source software is likely to ever cough up the many thousands of dollars needed for this kind of certification. Only commercial software companies (with well-funded marketing departments) are inclined to do this.

Be aware that the term "C2 security" is often used loosely by software and hardware vendors to mean their product has "C2-security-like features". In this context it is just marketing-speak, and has no real meaning. Your use of the phrases "pass c2 security checks" and "have c2 security" sounds like your company uses the term in this context.

FYI - Apache does have robust security features which you can configure - like authentication, authorization, and request logging. For practical purposes it is a secure web server if you take the time to configure it so. Ditto for MySQL.

-tom-
Back to top


Reply to topic   Topic: c2 security on apache? (or mysql?) View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout