httpd-users mailing list archives

From "Koen Vingerhoets" <koen.vingerho...@ubench.com>
Subject RE: Start laughing already - securing files with Apache and Windowsquestion
Date Fri, 23 Aug 2002 10:09:47 GMT
Tell my bosses...
The online game I run is more secure than our three servers with sensitive
data (address, mail, phone) from over 500 companies and their employees :(
*sighs sadly*

Koen


-----Original Message-----
From: J. Greenlees [mailto:jaqui@shaw.ca]
Sent: 23 August 2002 12:06
To: users@httpd.apache.org
Subject: Re: Start laughing already - securing files with Apache and
Windowsquestion


well, for starters, it is a bad practice to leave security data accessible.
then with a win based server, you have security holes being used all the
time by people that hate microsoft. ( outlook express attracts email
viruses, iis has, that I have heard of, over 20 security holes in it )
apache is more secure, but the os is not secure, no matter what you do,
so never leave any security related documentation for the server where
people could conceivably access it.
( being polite here, spend too much time repairing computers with
microsoft os to like it, especially when *nix systems don't have the
same problems.)

did you know that windows was written for the sole purpose of playing
games?  that is it, it is only meant for home users to play games on.

most professionals actually consider windows to be a completely
non-professional os/ui
( win nt, 2k, and xp do still require dos, even though microsoft says
otherwise.)
* check your windows\system32 dir for ntdos*.sys, there are four
different ones in there
wish I still had the email from alias-wavefront, where one of their
staff told me that the creators of maya 3d modelling animation package
do not consider win to be professional os.

maya is owned by alias-wavefront. :-)


BAO RuiXian wrote:

>Why not, since the directory is protected? Or the protection level is not
>high enough?
>
>Bao
>
>"J. Greenlees" wrote:
>
>>no, you don't want it in any directory that a browser will access.
>>only ever put password files outside of web structure directories.
>>
>>BAO RuiXian wrote:
>>
>>>Boyle Owen wrote:
>>>
>>>>(4) You put the password file anywhere you like EXCEPT inside the
>>>>docroot
>>>>
>>>>*** I think this might be what was confusing you. You can put the file
>>>>anywhere at all - there is no special place for it. However, you have made
>>>>one big mistake which is to put it under your docroot (D:/web). This won't
>>>>stop it working but it is not very secure since it means a browser can see
>>>>it! move it somewhere unbrowseable like D:/pwds.
>>>>
>>>Just for peculiarity, can we put the password file into the protected
>>>directory itself? I think it should also be safe.
>>>
>>>Bao
>>>
>
>--
>BAO RuiXian, PROGRAMMER, Project Consulting Team, Software Services Group
>AtBusiness Communications Corporation, Kaapeliaukio 1, FIN-00180 Helsinki
>Telephone +358-9-2311 6674, Mobile +358-50-329 6275, Fax +358-9-2311 6601
>Web: www.atbusiness.com, Email: {bao.ruixian, ruixian.bao}@atbusiness.com
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
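An added example, not part of the original thread: a small audit that reads an Apache configuration and reports every AuthUserFile that sits under a DocumentRoot or Alias target, which is the placement the quoted advice warns against. The sample configuration is constructed around the thread's D:/web and D:/pwds paths; the function name, the E:/manuals alias and the other paths are assumptions, and forward-slash paths are assumed throughout.

```python
import ntpath
import shlex
from pathlib import PureWindowsPath

# Constructed sample config; D:/web and D:/pwds are the paths named in the thread.
SAMPLE_CONF = '''
ServerRoot "C:/Apache2"
DocumentRoot "D:/web"
Alias /docs "E:/manuals"
<Directory "D:/web/private">
    AuthUserFile D:/web/private/.htpasswd
</Directory>
<Directory "D:/web/staff">
    AuthUserFile "D:/pwds/staff.htpasswd"
</Directory>
<Directory "E:/manuals/internal">
    AuthUserFile e:/MANUALS/internal/users.txt
</Directory>
'''

def _norm(path, server_root):
    """Collapse '..' and resolve relative paths against ServerRoot."""
    if server_root and not ntpath.isabs(path):
        path = ntpath.join(server_root, path)
    return PureWindowsPath(ntpath.normpath(path))

def exposed_password_files(conf_text):
    """Return (password file, served root) pairs where the file sits in a served tree."""
    server_root, web_roots, pw_files = None, [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = shlex.split(line)  # assumes forward-slash paths
        name = name.lower()
        if name == "serverroot" and args:
            server_root = args[0]
        elif name == "documentroot" and args:
            web_roots.append(args[0])
        elif name == "alias" and len(args) == 2:
            web_roots.append(args[1])  # Alias targets are served too
        elif name == "authuserfile" and args:
            pw_files.append(args[0])
    roots = [_norm(r, server_root) for r in web_roots]
    files = [_norm(f, server_root) for f in pw_files]
    # PureWindowsPath compares case-insensitively, matching Windows semantics.
    return [(str(f), str(r)) for f in files for r in roots if r in f.parents]

if __name__ == "__main__":
    for pw_file, root in exposed_password_files(SAMPLE_CONF):
        print(f"{pw_file} is inside served tree {root}")
```

The check covers only the main configuration text passed to it; password files referenced from .htaccess files or included configuration files need the same test.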