httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steven Pierce" <paged...@speakeasy.net>
Subject RE: [users@httpd] Configuration/Installation application
Date Thu, 05 Sep 2002 16:53:21 GMT
Ok.. Thank you for clarifing that for me.  


*********** REPLY SEPARATOR ***********

On 9/5/2002 at 9:52 mail.earthlink.net wrote:
Steven,

Thanks for you rresponse. The answer to your question in a nutshell is yes... The security
issues you raise willbe no more sever or possible that what would already exist on the Client
Box. Keep in mind, the configuration/installation application would be run by the user on
his box for his Apache Server, modifying his Apache config file. 

But as we are limiting what the user could do regarding what could be inserted into the config
file, the user would actually be able to do more "damge" to the config file by manually editing
it...

Thanks...

-----Original Message-----
From: Steven Pierce [mailto:pagedev1@speakeasy.net]
Sent: Thursday, September 05, 2002 9:19 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Configuration/Installation application


Bruce,

Are you sure that you want to do this?   Do you know the kind of issues that can bring up??
 That would be a
security issue just waitting to happen.  Also what would stop the user from pointing more
then one site at
the server, that they would at this point not be paying for.  Also if the user did not put
the correct information
or syntex in, it could bring the entire server.  If you are going to do this, you need to
be sure that they can only
do very, very specific entires.  I would suggest you write a script that would allow them
to entire in one or 
maybe two lines of code.  

The other issue would be if someone could ( and most likely would) exploit this they would
 have almost unlimited
access to the box.  

I am sorry, but I think that you should only allow one hand in the pie.  That way if something
goes wrong you only
have one person that has to remember what was done to try and fix it.  

With that thought one other item came to mind, what if you have 2 or 3 people trying to do
changes at one time.
Now the first two finish and the third person is still updating his part of the file.  They
do a restart on the file so it can
be read, now the third person just lost all of his information.  Not a happy camper at this
point.

I do not think you should do it.    If you do want to, then I would use something like perl
to handle it.


*********** REPLY SEPARATOR ***********

On 9/5/2002 at 8:03 mail.earthlink.net wrote:
Hi:

I'm in need of some form of application that can be used for configuration and installation
of Apache Domains over a number of Servers. Basically, we need to be able to allow the user
to modify the Apache config file with the new Domain information, and then to install some
executables/binaries based upon the Domain(s) selected by the user.

We've looked at a couple of aaplications but haven't seen anything that seems to meet our
specfic needs. An application that could handle the installatino, but also allowed for pretty
good intergration with external scripts (prel/php/etc..) would probably work. The application
also has to have a GUI for the user interface.

Thanks

Bruce Douglas
bedouglas@earthlink.net


Mime
View raw message