Re: Apache -- SSL and normal on same system?
kmself@ix.netcom.com wrote:
> Not necessarily, AFAIK [1]. Regular-mode apache and apache-ssl don't share
> address space, and if configured properly, are working from different
> document roots. The "risk" is about the same as having multiple accounts
> on the same system. Apache is pretty bulletproof -- there aren't a
> whole mess of security problems associated with it (security tends to be
> compromised through CGIs instead).
>
> Here's a different analogy: apache and apache-ssl are like having
> telnet and ssh on the same box. The fact that telnet is inherently
> insecure in terms of data and session *doesn't* mean that ssh is
> insecure, *so long as* no data are allowed to traverse the telnet
> channel which would allow a compromise through ssh (eg:
> userid/password). So if the telnet were configured for unprivileged
> user access in a chroot jail with very little command functionality (an
> approximation of a standard http session), the risk is low.
You just made the light go on, I think. I was trying to run both
secure and normal sites using apache-ssl. I thought that the ssl
version could do both, and it was a matter of configuring each virtual
site to use one or the other. What you're saying is that I need to
install both apache and apache-ssl, running out of separate server
roots. I'll try that.
Thanks!
John
jra@febo.com
--
John Ackermann N8UR
Dayton, Ohio, USA
jra@febo.com -- http://www.febo.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQBtAzgI9hgAAAEDAMiMQDZTVVuVIS0AscJ0Wy63oK4+Q5xvtxbX/ZoG1qCOuYDI
Fph4/RqL9vVEItWBy6ISk+zbkATzPgy84nrI7+GBtld4F9DoHWARQXjC1I8cFZjY
TSe16ffqO/ba1ukLnQAFEbQlSm9obiBSLiBBY2tlcm1hbm4gTjhVUiA8anJhQGZl
Ym8uY29tPokAdQMFEDgI9hjqO/ba1ukLnQEBtYIC/AxJ2RqT0/9TqY8JGEkPx2sw
+W5Z6Tu4UI654t9diGdCcIEPjOG1qUvwH2Xop0Yj9QGoM4NnHIw6qUSN5VH7hHKA
bGnpuTxinuW/gKaI3bt2MC8QZZq0gy2de26907lE2A==
=UHWl
-----END PGP PUBLIC KEY BLOCK-----
Reply to: