[rt-users] secure apache & rt?

Kieran Rhysling rhyslink at qmail.qwest.net
Mon Aug 20 18:06:14 EDT 2001


Security was definitely a concern for us as well when setting up RT.

I'm not sure why your group's guru is insistent on DSOs though. 
Personally, I think DSOs might be *slightly* less secure because there's a 
possibility of loading a trojaned module. Like I said, a pretty slight 
exposure but if you're being hardcore about security, it's something to think 
about.

I have mod_ssl compiled into my apache binary (along with mod_securid which 
is great if you have RSA SecurID tokens) and it works fine. It wasn't 
particularly challenging either. 

You could also use Apache's access control or TCP Wrappers to restrict access 
to your server.

Just some thoughts,
Kieran

Kieran Rhysling
Staff IP Engineer
Qwest Communications

On Monday 20 August 2001 3:44, Sheeri Kritzer wrote:
> So, I'm working on making my apache a secure webserver (my group thinks
> plaintext passwords of any kind must die) and I was wondering if anybody
> had any suggestions on how to proceed.
>
> The easiest way to compile apache+ssl, according to my group's guru, is to
> compile and install mod_ssl and use apache+ssl, making all the modules
> DSO.  I vaguely know that using mod_perl as a DSO makes life harder for us
> RT admins.  But not compiling modules DSO makes making a secure webserver
> harder.
>
> Anybody solve this problem yet?  Maybe someone wrote an add-in for rt to
> make it secure?
>
> Sheeri Kritzer
> Systems Administrator
> University Systems Group
> Tufts University
> 617-627-3925
> skritz01 at emerald.tufts.edu
>
>
> _______________________________________________
> rt-users mailing list
> rt-users at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-users
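
An added example, not part of the original message and not code from RT or Apache: when modules are loaded as DSOs, one way to narrow the trojaned-module exposure raised in the reply is to audit every file named by a LoadModule directive, and its directory, for ownership and write permissions. The sample configuration, module paths, server root and the trusted-owner rule (uid 0) are assumptions constructed for illustration.

```python
import os
import re
import stat

# Constructed sample config (Apache 1.3-style paths are assumptions).
SAMPLE_CONF = """\
LoadModule ssl_module   libexec/libssl.so
#LoadModule foo_module  libexec/mod_foo.so
LoadModule perl_module  libexec/libperl.so
"""

LOADMODULE = re.compile(r'^\s*LoadModule\s+(\S+)\s+"?([^"\s]+)"?', re.IGNORECASE)

def loaded_modules(conf_text, server_root):
    """Yield (module_name, absolute_path) for each active LoadModule line."""
    for line in conf_text.splitlines():
        m = LOADMODULE.match(line)  # commented-out lines start with '#'
        if m:
            name, path = m.groups()
            if not os.path.isabs(path):
                path = os.path.join(server_root, path)
            yield name, path

def audit_modules(conf_text, server_root, trusted_uids=(0,)):
    """Return (module, path, problem) for files or dirs an untrusted user could replace."""
    findings = []
    for name, path in loaded_modules(conf_text, server_root):
        for target in (path, os.path.dirname(path)):
            try:
                st = os.stat(target)
            except FileNotFoundError:
                findings.append((name, target, "missing"))
                continue
            if st.st_uid not in trusted_uids:
                findings.append((name, target, "owner uid %d not trusted" % st.st_uid))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((name, target, "group/world writable"))
    return findings

if __name__ == "__main__":
    # Server root is an assumption; point it at the real installation.
    for finding in audit_modules(SAMPLE_CONF, "/usr/local/apache"):
        print(finding)
```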



