httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: Apache config files and alternate config sources
Date Wed, 15 Aug 2001 16:08:56 GMT
Aaron Bannert wrote:

> One of the biggest dangers in this kind of a thing (and it is rather similiar
> to depending on a remote DTD in XML) is that you are now implicitly trusting
> DNS for authenticity. A poisoned DNS entry could be catastrophic.

We face that problem today with the virtualhost directives, etc (any
directive that can take a DNS name as an argument).

> To me it sounds like the main thing we are trying to accomplish here is
> to allow for centralized configuration, which is useful in things like
> server farms or for rapid deployment of cloned or slightly mutated
> configurations. What other things are we trying to solve with this?

This is exactly what it is for.

-----------------------------------------		"There's a moon
					over Bourbon Street
View raw message