On 23 Jun 1997 [EMAIL PROTECTED] wrote:

> | The admin server also needs to write to the configuration files, which
> | will probably be owned by a different user than the one that the main
> | server runs as.
>
> the server should generally not be able to write its configuration
> files directly since this enables malicious users to edit the files at
> will (using CGI, SSI whatever). the configuration system should have
> a different uid than the server.

malicious users? If the admin server is a stripped down httpd running as root, with access.conf that limits access to only specific machines AND we have the thing password protected, I don't think that will leave much room for hackers. local users won't have any more rights than remote users.

It has already been pointed out that not only netscape, but also that IBM web server project used a separate httpd process running on some high numbered port to run as the config server.. I doubt if either of these maintains additional copies of the config data in sql databases (maybe their own config file format however).

I have complete faith that a 1 process stripped down apache httpd will not crash until the whole machine crashes. This is something we can rely on. Then, by using CGI Perl or C (which is easily ported to NT) the config files could be modified and the server could be restarted.

Some people were discussing the idea of throwing API into apache to allow us to control the server from inside out.. well... this might be nice but for now I think it's overkill. and hey... if the main httpd is crashed for some reason all the internal APIs in the world won't help you anyway. It would be wiser just to restart the server anyway.

I also agree with the idea of developing something for the apache 1.x config file format then proceeding from there.. it should be trivial to change the code to understand the 2.x directive format.

______________________________________________________________________________
Matthew J. Probst             | Never underestimate the bandwidth of a station
Sys. Programmer, BYU CS Dept  | wagon full of tapes hurtling down the highway.
[EMAIL PROTECTED]             |                        -Andrew Tanenbaum
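The uid separation argued for in the quoted text (the main server's uid should not be able to alter its own configuration files) can be checked mechanically. The following is an added example, not part of the original thread: the file layout, modes and the "separate server uid" are constructed, and only classic Unix mode bits are evaluated (no ACLs, no root override).

```python
import os, shutil, stat, tempfile

def can_write(st, uid, gids):
    """Classic Unix mode-bit check: owner, then group, then other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(paths, uid, gids=frozenset()):
    """Return (path, reason) for every config file the given uid can alter."""
    findings = []
    for path in paths:
        fst = os.stat(path)
        if can_write(fst, uid, gids):
            findings.append((path, "file writable"))
        dst = os.stat(os.path.dirname(os.path.abspath(path)))
        # A writable directory lets the uid rename a new file over the old one,
        # unless the sticky bit is set and the uid owns neither file nor directory.
        sticky_blocks = (dst.st_mode & stat.S_ISVTX) and uid not in (fst.st_uid, dst.st_uid)
        if can_write(dst, uid, gids) and not sticky_blocks:
            findings.append((path, "parent directory writable"))
    return findings

def demo():
    """Constructed layout: three config files owned by the invoking user."""
    root = tempfile.mkdtemp()
    owner = os.getuid()
    server_uid = owner + 1  # hypothetical separate uid for the main server
    results = {}
    for name, fmode, dmode in [("httpd.conf", 0o644, 0o755),
                               ("access.conf", 0o666, 0o755),
                               ("srm.conf", 0o644, 0o777)]:
        d = os.path.join(root, name + ".d")
        os.mkdir(d)
        f = os.path.join(d, name)
        open(f, "w").close()
        os.chmod(f, fmode)
        os.chmod(d, dmode)
        results[name] = {
            "same_uid": [r for _, r in audit([f], owner)],
            "separate_uid": [r for _, r in audit([f], server_uid)],
        }
    shutil.rmtree(root)
    return results

if __name__ == "__main__":
    for name, res in demo().items():
        print(name, res)
```

The `srm.conf` case shows why the directory matters: the file itself is mode 0644, yet a world-writable parent still lets another uid replace it.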
