httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <>
Subject Re: Proposal for Improviing the Security Docs
Date Tue, 18 Sep 2001 00:16:29 GMT
On Mon, 17 Sep 2001, Allan Liska wrote:

> Rich,
> Thanks for your comments, please see my answers in-line...
> On Mon, 17 Sep 2001, Rich Bowen wrote:
> > On Sun, 16 Sep 2001, Allan Liska wrote:
> >
> > > Hello,
> > >
> > >   As I mentioned earlier this week, I would like to try to improve the
> > >   layout of the security docs.  I'd really like feedback from people
> > >   on this list as to how in-depth the documents should go.  As an
> > >   example, should we explain how to set permissions for optimal
> > >   security in an Apache root directory?
> >
> > Yes. The documentation should be the one location where folks need to
> > look for information on how to run the Apache server. There are cases
> > where off-site links may be appropriate, but I tend to think that the
> > docs should be comprehensive.
> >
> Okay...that makes sense, so then explaining to people how to chmod and
> chroot is not outside the realm of this documentation?  Also, are there
> enough people on this list comfortable in their system security knowledge
> to review any documents presented, to ensure there are no errors...or
> really bad ideas :)?

oh, well, I don't think that the use of chmod and chroot needs be
covered. I did not think you meant going to that extreme.

> Another good point.  I don't know that it is something that even needs to
> be filled in, it is probably more appropriate just to put links to the
> existing sections, and let readers figure things out from the information
> in those documents.  If this doesn't make sense, maybe I should put
> together a sample document on something like Server Side Includes this
> week and submit it to the list so I can provide a more clear example?

Yes, submitting samples is a good place to start.
I'm looking forward to that.

Rich Bowen -
ReefKnot -

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message