Re: An interface to Apache

[Matthew J. Probst]
| On Fri, 20 Jun 1997, Paul Sutton wrote:

if it needs to run as root it will never be installed on any of the sites I run or the sites of my clients. single suid programs that do ONE thing and contain lots of checking would pass after some code inspection. a http server running as root would not.

| > In terms of who gets access to the admin functions, that I guess can

the initial install could just be a script that asks a series of questions, asks the user to confirm and then builds the config. also, there should be only one configuration file plus the mime.types file since this is easier to keep track of and for newbies to understand.

| > More important is that we don't want the back-end programs to allow other

agreed. small do-one-thing-and-one-thing-only programs that are suid root AND that check that the correct (compile time configured) UID is running them. (that would be the config httpd uid). also it would be wise to do sanity checks on how often they are run etc. (for example 4 times per second is clearly too often and is probably some sort of attack).

| > I am assuming the interface will be based on a standard browser here to

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related httpd.apache.org Links announce bugs cvs dev docs gui-dev modproxy-dev packagers testers Request more information about Pantek

not really; you can use Apache with SSL and be your own key authority. the only difference is that Netscape will whine the first time because it doesn't know the CA.

| It would be ok to be your own key authority (I mean.. there is only going

hmm, too bad.

-Bjørn Received on Mon Jun 23 11:07:04 1997