There are a few other changes that we recommend you make to the web server's configuration. There are very few intrinsic security flaws in the Apache web server, but there are two important ones: As with all web servers, it is generally required to send and receive information to and from anyone on the internet. In many environments, the people telling the server how to behave are not knowledgeable system administrators by trade. Before you discount this fact, take account of the wide proliferation of configurations under which any user on the system can instruct the server to execute arbitrary code for anyone who comes to the site, via CGI scripts.