httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <>
Subject Re: Start laughing already - securing files with Apache and Windowsquestion
Date Fri, 23 Aug 2002 10:06:08 GMT
well, for starters, it iis a bad practice to leave security data accessable.
then with a win based server, you have security holes being used all the 
time by people that hate microsoft. ( outlook express attracts email 
viri, iis has, that I have heard of, over 20 security holes in it )
apache is more secure, but the os is not secure, no matter what you do, 
so never leave any security related documentation for the server where 
people could conceivable access it.
( being polite here, spend to much time repairing computers with 
microsoft os to  like it, specially when *nix systems don't have the 
same problems.)

did you know that windows was written for the sole purpose of playing 
games?  that is it, it is only meant for home users to play games on.

most professionals actually concider windows to be a completely 
non-professions os/ui
( win nt, 2k, and xp do still require dos, even though microsoft says 
* check your windows\ system32 dir for ntdos*.sys, there are four 
different ones in there
wish I still had the email from alias-wavefront, where one of there 
staff told me that the creators of maya 3d modelling animation package 
do not concider win to be professional os.

maya is owned by alias-wavefront. :-)

BAO RuiXian wrote:

>Why not, since the directory is protected? Or the protection level is not high enough?
>"J. Greenlees" wrote:
>>no, you don't want it in any directory that a browser will access.
>>only ever put password files outside of web structure directories.
>>BAO RuiXian wrote:
>>>Boyle Owen wrote:
>>>>(4) You put the password file anywhere you like EXCEPT inside the docroot
>>>>*** I think this might be what was confusing you. You can put the file anywhere
at all - there is no special place for it. However, you have made one big mistake which is
to put it under your docroot (D:/web). This won't stop it working but it is not very secure
since it means a browser can see it!  move it somewhere unbrowseable like D:/pwds.
>>>Just for peculiarity, can we put the password file into the protected directory
itself? I think it should also be safe.
>BAO RuiXian, PROGRAMMER, Project Consulting Team, Software Services Group
>AtBusiness Communications Corporation, Kaapeliaukio 1, FIN-00180 Helsinki
>Telephone +358-9-2311 6674, Mobile +358-50-329 6275, Fax +358-9-2311 6601
>Web:, Email: {bao.ruixian, ruixian.bao}
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message