On Jun 15, 2005, at 9:46 AM, Matt Patterson wrote:
> I regard TCP sockets as a greater security risk than file-based
> sockets.
>
> So, having lots of them in existence for the sole purpose of being
> an SCGI transport - never being used by anything other than Apache
> - seems to me to be messy. I need to firewall all those ports, but
> I can't really restrict them beyond any external network
> interfaces: the ports are still open on the loopback interface.
> With file-based sockets I can at least restrict the permissions to
> prevent users other than apache and quixote reading / writing to
> the sockets.
>
> Does that make sense?

Certainly. Thanks for the explanation.
And as David Cooke pointed out, there could also be a performance
improvement to be had here.
Now I want unix domain sockets too. Are you working up a patch? I may
try my hand at it for apache1.
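
An added illustration of the permissions argument in the quoted message; it is not part of the original e-mail and not code from Quixote or any SCGI module. The function names are hypothetical, and the peer-credential check assumes Linux (`SO_PEERCRED`):

```python
import os, socket, stat, struct, tempfile

def bind_private_socket(path, mode=0o660):
    """Bind a listening Unix domain socket that is never world-accessible."""
    if os.path.lexists(path):
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)                      # stale socket from a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o777 & ~mode)      # bind() creates the file, so set
    try:                                     # the mask first: no window in which
        srv.bind(path)                       # the socket is open to everyone
    finally:
        os.umask(old_umask)
    srv.listen(5)
    return srv

def peer_uid(conn):
    """UID of the process on the other end (SO_PEERCRED, Linux only)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

def accept_if_allowed(srv, allowed_uids):
    """Accept one connection; drop it unless the peer UID is allowed."""
    conn, _ = srv.accept()
    if peer_uid(conn) not in allowed_uids:
        conn.close()
        return None
    return conn

def demo():
    # Constructed scenario: this process plays both web server and app server.
    # In a deployment the socket's group would be one shared by the two
    # service accounts (an assumption, not something the thread specifies).
    path = os.path.join(tempfile.mkdtemp(), "scgi.sock")   # directory is 0700
    srv = bind_private_socket(path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    results = []
    for allowed in ({os.getuid()}, set()):   # our own UID, then nobody
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.connect(path)
        conn = accept_if_allowed(srv, allowed)
        results.append(conn is not None)
        if conn:
            conn.close()
        client.close()
    srv.close(); os.unlink(path); os.rmdir(os.path.dirname(path))
    return mode, results
```

A TCP listener on the loopback interface has no equivalent of the file mode or the peer UID: any local user can connect to it.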