[rt-users] secure apache & rt?
Kieran Rhysling
rhyslink at qmail.qwest.net
Mon Aug 20 18:06:14 EDT 2001
Security was definitely a concern for us as well when setting up RT.
I'm not sure why you're group's guru is insistent on DSO's though.
Personally, I think DSO's might be *slightly* less secure because there's a
possibility of loading a trojaned module. Like I said, a pretty slight
exposure but f you're being hardcore about security, it's something to think
about.
I have mod_ssl compiled into my apache binary (along with mod_securid which
is great if you have RSA SecurID tokens) and it works fine. It wasn't
particulary challenging either.
You could also use Apache's access control or TCP Wrappers to restrict access
to your server.
Just some thoughts,
Kieran
Kieran Rhysling
Staff IP Engineer
Qwest Communications
On Monday 20 August 2001 3:44, Sheeri Kritzer wrote:
> So, I'm working on making my apache a secure webserver (my group thinks
> plaintext passwords of any kind must die) and I was wondering if anybody
> had any suggestions on how to proceed.
>
> The easiest way to compile apache+ssl, according to my group's guru, is to
> compile and install mod_ssl and use apache+ssl, making all the modules
> DSO. I vaguely know that using mod_perl as a DSO makes life harder for us
> RT admins. But not compiling modules DSO makes making a secure webserver
> harder.
>
> anybody solve this problem yet? maybe someone wrote an add-in for rt to
> make it secure?
>
> Sheeri Kritzer
> Systems Administrator
> University Systems Group
> Tufts University
> 617-627-3925
> skritz01 at emerald.tufts.edu
>
>
> _______________________________________________
> rt-users mailing list
> rt-users at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-users
More information about the rt-users
mailing list