Heartbleed bug
4/07/2014 PF Support

Heartbleed is a flaw in the OpenSSL implementation of the basic cryptographic protocol that secures Web communications, known as SSL. Heartbleed Bug is an issue ONLY with the OpenSSL – which is an open source implementation of the SSL and TLS protocols. It is used on Linux/Unix servers using Apache Web Server software which is also available as open source code. The Linux operating system along with Apache Web Server, MySQL database software and PHP scripting languages are the staples of many hosting providers. Collectively these are commonly referred to as LAMP architecture.

We have Linux Servers that we host our PFMailer applications, WordPress blogs, a number of 3rd party applications and sometimes PHP scripts that are used on UIS sites for specific functions requested or required by clients to allow applications they have run within the UIS applications. None of these applications has an SSL required or installed. If SSL is required, we use SSL protocols from Trustwave rather than OpenSSL.

Most of the inexpensive hosting providers run LAMP based servers. Some of them also provide Windows servers that run PHP, MySQL and Apache on their servers. Others create partitions to run Linux on these servers or vice versa. We do not allow any LAMP based applications to be installed on our Windows servers.

All UIS applications require Windows Servers, Microsoft SQL Server, and Microsoft IIS to run. All of our Windows servers use Licensed products and none of them use open source applications. Because of this none of the UIS sites are at risk from this bug.


Back   
Email This Article To A Friend - Print This Article