On 7/13/06, Jerry McAllister <[EMAIL PROTECTED]> wrote:
> > hello people, > > just want to ask if getting rid of the apache passphrase poses a security > threat, i don't want the company i worked for calling me up everytime they > cant access the webserver because the server is asking for the passphrase > everytime the box restarts du to power failure. Depends on how good your control of access to the server is. In my case for example, I control physical access to the machine. That could be, and has been a problem when I was away and power went out, to get things back up, so I got rid of the passphrase. Now, as long as the fsck-s clear at boot time, the server makes it all the way back up without intervention. But, if you have a lot of people running around, even if ignorant, then you might want to think again about eliminating it. It is less likely to be a concern for remote access, but could come up, especially if someone gets root to your server. Of course, then all bets are off anyway. yeah there are lots of ignorant people here in our organization :D, that is why all my nix servers are headless since we don't have room to secure them physically. thanks for your all your opinions :)
_______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"