Secure apache & rt?

So, I’m working on making my apache a secure webserver (my group thinks
plaintext passwords of any kind must die) and I was wondering if anybody
had any suggestions on how to proceed.

The easiest way to compile apache+ssl, according to my group’s guru, is to
compile and install mod_ssl and use apache+ssl, making all the modules
DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
RT admins. But not compiling modules DSO makes making a secure webserver
harder.

anybody solve this problem yet? maybe someone wrote an add-in for rt to
make it secure?

Sheeri Kritzer
Systems Administrator
University Systems Group
Tufts University
617-627-3925
skritz01@emerald.tufts.edu

You should be able to build an apache with a static mod_perl and everything
else a dso.

On Mon, Aug 20, 2001 at 05:44:49PM -0400, Sheeri Kritzer wrote:

> So, I’m working on making my apache a secure webserver (my group thinks
> plaintext passwords of any kind must die) and I was wondering if anybody
> had any suggestions on how to proceed.
>
> The easiest way to compile apache+ssl, according to my group’s guru, is to
> compile and install mod_ssl and use apache+ssl, making all the modules
> DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
> RT admins. But not compiling modules DSO makes making a secure webserver
> harder.
>
> anybody solve this problem yet? maybe someone wrote an add-in for rt to
> make it secure?
>
> Sheeri Kritzer
> Systems Administrator
> University Systems Group
> Tufts University
> 617-627-3925
> skritz01@emerald.tufts.edu


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

http://www.bestpractical.com/products/rt – Trouble Ticketing. Free.

> So, I’m working on making my apache a secure webserver (my group thinks
> plaintext passwords of any kind must die) and I was wondering if anybody
> had any suggestions on how to proceed.
>
> The easiest way to compile apache+ssl, according to my group’s guru, is to
> compile and install mod_ssl and use apache+ssl, making all the modules
> DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
> RT admins. But not compiling modules DSO makes making a secure webserver
> harder.
>
> anybody solve this problem yet? maybe someone wrote an add-in for rt to
> make it secure?

We use an external auth that is secure (by SSL), but I’ve installed SSL on
a machine without using DSO. I used mod_ssl and openssl. I don’t
understand why using a DSO would make security more difficult. And I would
think that you could install SSL as a DSO, and mod_perl as not, anyway.
Just because using DSO is the “easiest way,” doesn’t mean it’s the best
way.

		~ARK

DSO works just fine if you have perl-5.6.1. We’ve the latest and greatest
of apache, mod_perl, perl, and mod_ssl running with apache modules all
compiled as DSO without difficulty.

Regards,
Christian

I’ve got mod_perl compiled statically and everything else DSO (including
mod_ssl) here, and it runs peachy. It’s pretty straightforward (just
follow the READMEs) and it Just Works. I doubt you’ll have any tricky
problems.

On Mon, Aug 20, 2001 at 05:44:49PM -0400, Sheeri Kritzer wrote:

> So, I’m working on making my apache a secure webserver (my group thinks
> plaintext passwords of any kind must die) and I was wondering if anybody
> had any suggestions on how to proceed.
>
> The easiest way to compile apache+ssl, according to my group’s guru, is to
> compile and install mod_ssl and use apache+ssl, making all the modules
> DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
> RT admins. But not compiling modules DSO makes making a secure webserver
> harder.

john.case@tenzing.com

Security was definitely a concern for us as well when setting up RT.

I’m not sure why your group’s guru is insistent on DSOs though.
Personally, I think DSOs might be slightly less secure because there’s a
possibility of loading a trojaned module. Like I said, a pretty slight
exposure but if you’re being hardcore about security, it’s something to think
about.

I have mod_ssl compiled into my apache binary (along with mod_securid which
is great if you have RSA SecurID tokens) and it works fine. It wasn’t
particularly challenging either.

You could also use Apache’s access control or TCP Wrappers to restrict access
to your server.

Just some thoughts,
Kieran

Kieran Rhysling
Staff IP Engineer
Qwest Communications

On Monday 20 August 2001 3:44, Sheeri Kritzer wrote:

> So, I’m working on making my apache a secure webserver (my group thinks
> plaintext passwords of any kind must die) and I was wondering if anybody
> had any suggestions on how to proceed.
>
> The easiest way to compile apache+ssl, according to my group’s guru, is to
> compile and install mod_ssl and use apache+ssl, making all the modules
> DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
> RT admins. But not compiling modules DSO makes making a secure webserver
> harder.
>
> anybody solve this problem yet? maybe someone wrote an add-in for rt to
> make it secure?
>
> Sheeri Kritzer
> Systems Administrator
> University Systems Group
> Tufts University
> 617-627-3925
> skritz01@emerald.tufts.edu
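
The trojaned-module exposure raised in the reply above can be checked on a DSO install. The following Python script is an added example, not part of the original thread: it reads the `LoadModule` lines from an httpd.conf and flags any module file, or the directory holding it, that is not owned by a trusted uid or is group- or world-writable. The default ServerRoot `/usr/local/apache` and the helper names are assumptions.

```python
import os
import re
import stat
import sys

# Apache-style directives; commented-out lines do not match.
LOADMODULE = re.compile(r'^\s*LoadModule\s+(\S+)\s+"?([^"\s]+)"?', re.I)
SERVERROOT = re.compile(r'^\s*ServerRoot\s+"?([^"\s]+)"?', re.I)

def loaded_modules(conf_text, default_root="/usr/local/apache"):
    """Return [(module_name, absolute_path)] for every LoadModule line."""
    root, mods = default_root, []   # default_root is an assumed install prefix
    for line in conf_text.splitlines():
        m = SERVERROOT.match(line)
        if m:
            root = m.group(1)
            continue
        m = LOADMODULE.match(line)
        if m:
            # Relative module paths are resolved against ServerRoot.
            mods.append((m.group(1), os.path.join(root, m.group(2))))
    return mods

def audit_path(path, trusted_uids=(0,)):
    """Findings for one file or directory; an empty list means no finding."""
    try:
        st = os.stat(path)
    except OSError:
        return ["missing or unreadable"]
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append("owner uid %d is not trusted" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    return findings

def audit_modules(conf_text, trusted_uids=(0,)):
    """Map module name -> findings for its .so file and containing directory."""
    report = {}
    for name, path in loaded_modules(conf_text):
        found = []
        for target in (path, os.path.dirname(path)):
            found += ["%s: %s" % (target, f) for f in audit_path(target, trusted_uids)]
        if found:
            report[name] = found
    return report

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:          # path to httpd.conf
        for mod, issues in audit_modules(fh.read()).items():
            print(mod, *issues, sep="\n  ")
```

A writable directory matters as much as a writable file, since whoever can write to the directory can replace the module before the next restart.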



“SK” == Sheeri Kritzer <skritz01@emerald.tufts.edu> writes:

SK> The easiest way to compile apache+ssl, according to my group’s guru, is to
SK> compile and install mod_ssl and use apache+ssl, making all the modules
SK> DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
SK> RT admins. But not compiling modules DSO makes making a secure webserver
SK> harder.

The only issues I still have with mod_perl being DSO is a major memory
leak on apache restart (graceful or regular – makes no difference).
This is with perl 5.005_03. With perl 5.6.1, there should be no
memory leak with the latest mod_perl as a DSO.

Building apache+mod_ssl then mod_perl as a DSO works great for us on
FreeBSD 4.3-STABLE.

Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@kciLink.com Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/