httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boivin, Patrice J" <Boiv...@mar.dfo-mpo.gc.ca>
Subject RE: Security
Date Mon, 23 Sep 2002 13:18:28 GMT
I agree with Rich that something re. Apache security, even if it was just
links, would be useful.

I would also like to see something re. Apache on Win32, here we have to run
Apache on that platform.

I noticed in O'Reilly's Apache: The Definitive Guide, p. 206:

[near the beginning of the chapter on security] "We do not include win32 in
this chapter, even though apache now runs on it, because it is our opinion
that if you care about security you should not be using Win32.  That is not
to say that win32 has no security, but it is poorly documented, understood
by very few people, and constantly undermined by bugs and dubious practices
(such as advocating ActiveX downloads from the Web)."

Help!!!


: )

Regards,
Patrice Boivin
Systems Analyst (Oracle Certified DBA)

Systems Admin & Operations | Admin. et Exploit. des systèmes
Technology Services        | Services technologiques
Informatics Branch         | Direction de l'informatique 
Maritimes Region, DFO      | Région des Maritimes, MPO

E-Mail: boivinp@mar.dfo-mpo.gc.ca


 -----Original Message-----
From: 	Rich Bowen [mailto:rbowen@rcbowen.com] 
Sent:	Saturday, September 21, 2002 3:16 PM
To:	Apache Documentation Project
Subject:	Security

I have been doing Apache training this week for some folks that are very
concerned about security. We spent about half of Friday doing two
things. First, we attempted to figure out what the absolute minimum set
of modules was that Apache could run with. Second, we tried to figure
out what the minimal file permissions were that we could put on the
Apache directories and still have things work.

With regard to the former, I discovered some things which surprised me
just a little. With regard to the latter, we discovered that the
recommended file permissions in the documentation are much more open
than they need to be.

I'm going to write up some of our observations over the next few days as
I have time, and was hoping to stir up a little interest so that when I
have something, some folks will be willing to take a look at it.

Rich

-- 
Pilgrim, how you journey on the road you chose
To find out where the winds die and where the stories go
 --Pilgrim (Enya - A Day Without Rain)


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message