httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Junyong Jiang <>
Subject Re: A fundamentally secure Apache server, any interest?
Date Mon, 16 Nov 2009 14:08:52 GMT
I support you!

2009/11/16 Sweere, Kevin E CTR USAF AFRL/RYT <>

> Greetings,
> I work for the US Air Force.  We have a prototype that dramatically,
> fundamentally increases a web server's security.
> We run an Apache server within a minimized, user-level-only, Linux variant
> only within RAM and from only a DVD (no harddrive).  With no shells,
> hackers
> have nowhere to go.  With no persistent memory, malware has no place to
> reside.  A simple reboot restores the website to a pristine state within
> minutes.
> Because a LiveDVD holds the OS, apps and content, its best for static,
> non-interactive, low-volume, high-value, highly-targeted websites.  Any
> change means burning a new DVD, but this also makes testing easier and less
> noisy.  Logs are tricky to extract.
> While it has worked well, some of us believe its usability drawbacks (e.g.
> limited ability to receive input from users, every change needs a new DVD)
> outweigh its great security benefits making it unmarketable (in govt or
> industry) and thus just another prototype to leave on the shelf.
> I'm curious what your group thinks.  Thanks in advance -- I don't quite
> know
> with whom to discuss this idea.
> Kevin Sweere

View raw message