httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anthony G. Atkielski" <anth...@atkielski.com>
Subject Re: [users@httpd] Favorite Linux Distribution
Date Wed, 09 Feb 2005 18:14:37 GMT
Tim Burden writes:

> Well, you'll want a cron daemon, and an ssh daemon and maybe some other
> little handy things, but I certainly agree with this sentiment.

Sure, there are some things you'll probably want to run on any system.
But important stuff (things that will cause problems if they are
compromised or stop working) should be isolated elsewhere.

For example, if your Web server references a database to build pages for
output, the actual DBMS and database themselves should be on a different
machine.  The Web server is exposed to the Net.  The database server
sees only the Web server.  If your Web server is compromised, your
database is still likely to be safe, especially if the interface between
the two is restrictive, proprietary, and authenticated.

Other services can be similarly isolated.  Of course, you need hardware
resources for all this, but if you have the means, it's the way to go.

The idea of putting everything on a single machine seems to be very
popular, perhaps because so many people running servers today have only
PC desktop experience behind them. If budget constraints force you to
run everything on one machine, then there isn't much that can be done,
but if you have a choice, separate desktop and server, then separate the
server even further into separate services: Apache on one machine, BIND
on anothter, sendmail on another, your favorite DBMS on another, and so
on.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message