Costin Manolache wrote:
So if someone breaks in one node, he has the entire pool :-)
If someone breaks into one node, then they very likely have access to any backend databases anyway. Being able to manipulate the pool is the least of your worries. But it's a valid concern nonetheless.
I don't know - I like to know where the configuration is and to have it under some control.
Some control is a valid point. Being able to switch on and off the "dynamic features" would be useful if it was in httpd.conf (the home of "site policy" information - if our site doesn't want to allow dynamic adding of servers to the pool, it's set once in httpd.conf and that's it).
> I understand having it in a file on the httpd server
is not what people want, but still - having each worker in the pool push config on arbitrary requests seems a bit extreme, and much harder to implement on the server side as well.
Depends on what you mean by "hard". I don't see anything hard about adding headers to a response, it is something we do already.
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature
