Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: c2 security on apache? (or mysql?) |
|
Author |
|
bryanr
Joined: 30 May 2008 Posts: 1
|
Posted: Fri 30 May '08 23:47 Post subject: c2 security on apache? (or mysql?) |
|
|
Hello,
This is my first post here
I was wondering if any of you knew. Does apache pass c2 security checks?
Reason being, I work for a large company that refuses to install any software on their servers that does not have c2 security. I want to make them a website, however I need apache server and mysql installed on their server first. |
|
Back to top |
|
tdonovan Moderator
Joined: 17 Dec 2005 Posts: 611 Location: Milford, MA, USA
|
Posted: Sat 31 May '08 15:38 Post subject: |
|
|
The short answer is "no" - neither Apache nor MySQL was on the (now discontinued) U.S. Department of Defense "Evaluated Product List" at any level.
The C2 level refers to this old set of standards known as the Rainbow Series from 1985.
Neither Apache nor MySQL is on its 21st-century international successor - the "CCEVS Validated Products List" which uses different rating levels.
It is unlikely that you will ever find an open-source web server certified to this kind of standard. Also, no open-source software is likely to ever cough up the many thousands of dollars needed for this kind of certification. Only commercial software companies (with well-funded marketing departments) are inclined to do this.
Be aware that the term "C2 security" is often used loosely by software and hardware vendors to mean their product has "C2-security-like features". In this context it is just marketing-speak, and has no real meaning. Your use of the phrases "pass c2 security checks" and "have c2 security" sounds like your company uses the term in this context.
FYI - Apache does have robust security features which you can configure - like authentication, authorization, and request logging. For practical purposes it is a secure web server if you take the time to configure it so. Ditto for MySQL.
-tom- |
|
Back to top |
|
|
|
|
|
|