On Friday 10 January 2003 12:11 pm, Andrea Galmacci - awd* wrote: > Lynn,
> > Thttpd is a good option, but rather large comparatively. I don't know > where sh-httpd is lacking from doing this type of project. > > sh-httpd has to my opinion at least two big problems: > > a. lack of POST method support - I know there is a patch but I've never > found it > b. speed - thttpd outperform sh-httpd 4 to 1 at least worst case - display > only I have a version of sh-httpd with a POST-patch. It is not well-tested at this time. I can send it to you if you desire. The speed depends on the actual CGI you are running. To be honest, weblet doesn't run any slower than your test page with thttpd.....but again, this depends on the actual scripting. > > > > > 3. the web server runs as root - that's in most's opinion, as a > matter of fact, a BAD approach for security issues; > > > > Terrible option unless you like having to support commercial boxes that > > have been rooted. I would suggest a C-suid binary to overwrite anything > > after proper authentication (ie... SSL, ssh, zebedee, etc...) and running > > the webserver/CGI as a non-priviledged user. > > you are talking marsian to my ignorance: could you please point me to some > source of information about suid binary? Google for "su-wrapper" or similar binaries. su-wrapper is what I use. I do _NOT_ want any of my CGI-scripts to have root write capabilities. There are dozens of documents on the web to explain this point. > > > > > 4. the interface is not complete but it offers the possibility to > > > > > modify Shorewall scripts maintaining full compatibility with Tom's > > > > > original scripting, launching Shorewall commands (start, stop, ...) > and offering full logs visibility. > > > > I believe Eric W. has a package/executable in his leaf/devel directory > that does this. The project that myself and others are working on goes far > beyond > this and will require a compatability layer for existing LEAF variants... > this is the price to make it work on more than one variant. > will look for. http://leaf.sourceforge.net/devel/ericw/ > Thank you for your comments, NP. I don't know how far your looking into configuring the system, but things starting getting tricky compatibility and core system wise once you get beyond Shorewall and the interfaces. I hope this helps, ~Lynn -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
