Security was definitely a concern for us as well when setting up RT.
I’m not sure why your group’s guru is insistent on DSOs though.
Personally, I think DSOs might be slightly less secure because there’s a
possibility of loading a trojaned module. Like I said, a pretty slight
exposure but if you’re being hardcore about security, it’s something to think

I have mod_ssl compiled into my apache binary (along with mod_securid which
is great if you have RSA SecurID tokens) and it works fine. It wasn’t
particularly challenging either.
You could also use Apache’s access control or TCP Wrappers to restrict access
to your server.
Just some thoughts,
Staff IP Engineer
Qwest Communications

On Monday 20 August 2001 3:44, Sheeri Kritzer wrote:
So, I’m working on making my apache a secure webserver (my group thinks
plaintext passwords of any kind must die) and I was wondering if anybody
had any suggestions on how to proceed.
The easiest way to compile apache+ssl, according to my group’s guru, is to
compile and install mod_ssl and use apache+ssl, making all the modules
DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
RT admins. But not compiling modules DSO makes making a secure webserver
anybody solve this problem yet? Maybe someone wrote an add-in for rt to
make it secure?
University Systems Group
rt-users mailing list