httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <sam...@c2.net>
Subject Re: anonymous CVS access
Date Wed, 30 Jul 1997 18:38:03 GMT
	I agree with Marc's fears. There are tons of people with
accounts on hyperreal. While Brian probably trusts them, they may be
logging in over unencrypted connections, their password could get
snagged, someone could break in, get root, and then insert a security
hole into Apache.

	Anyone remember the security hole that was introduced into the
irc source code? (Yes, I admit it, I used to use irc =)

	I am in favor of having a dedicated machine for apache where
the only access allowed was over encrypted connections and the only
people with accounts were apache group related people.
	The cost of the hardware isn't the issue, I think,
though. It's the cost of the maintanence. I'd be willing to put up
$2-3k to buy the hardware easily, but not maintain it. 

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer@c2.net

Mime
View raw message