Date: Mon, 23 Sep 2002 10:18:28 -0300
From: "Boivin, Patrice J"
Subject: RE: Security
To: "'docs@httpd.apache.org'"
Message-id: <1A4AC4BAB9C50A42854582B69B08C03401071E1B@MSGMARBIO05>

I agree with Rich that something re. Apache security, even if it was just links, would be useful.

I would also like to see something re. Apache on Win32, here we have to run Apache on that platform.

I noticed in O'Reilly's Apache: The Definitive Guide, p. 206:

[near the beginning of the chapter on security] "We do not include win32 in this chapter, even though apache now runs on it, because it is our opinion that if you care about security you should not be using Win32. That is not to say that win32 has no security, but it is poorly documented, understood by very few people, and constantly undermined by bugs and dubious practices (such as advocating ActiveX downloads from the Web)."

Help!!!

: )

Regards,

Patrice Boivin
Systems Analyst (Oracle Certified DBA)

Systems Admin & Operations | Admin. et Exploit. des systèmes
Technology Services | Services technologiques
Informatics Branch | Direction de l'informatique
Maritimes Region, DFO | Région des Maritimes, MPO

E-Mail: boivinp@mar.dfo-mpo.gc.ca

-----Original Message-----
From: Rich Bowen [mailto:rbowen@rcbowen.com]
Sent: Saturday, September 21, 2002 3:16 PM
To: Apache Documentation Project
Subject: Security

I have been doing Apache training this week for some folks that are very concerned about security. We spent about half of Friday doing two things. First, we attempted to figure out what the absolute minimum set of modules was that Apache could run with. Second, we tried to figure out what the minimal file permissions were that we could put on the Apache directories and still have things work.

With regard to the former, I discovered some things which surprised me just a little. With regard to the latter, we discovered that the recommended file permissions in the documentation are much more open than they need to be.

I'm going to write up some of our observations over the next few days as I have time, and was hoping to stir up a little interest so that when I have something, some folks will be willing to take a look at it.

Rich
--
Pilgrim, how you journey on the road you chose
To find out where the winds die and where the stories go
--Pilgrim (Enya - A Day Without Rain)

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org