On 15 Apr 2002, Perry E. Metzger wrote:
> Brian Behlendorf <brian@collab.net> writes:
> > On 15 Apr 2002, Perry E. Metzger wrote:
> > > Certs are evil. SSH doesn't require them -- it just uses naked public
> > > keys -- which is one reason people like it so much.
> >
> > I'm a bit confused - what's the difference between:
>
> No certificates, just keys. No certs means no CAs. You can add access
> to a machine by editing an authorized_keys file.
Right - and for SSL I can sign my own key, creating my own cert, so I've
got the same in/security but flexibility as SSH - don't I?
> The real problem is that Apache is very large. It has to be to do all
> that it does, but that means that it is hard to secure it because you
> can't audit all the relevant code. Big is bad in security.
If the extra modules are stripped out, and you run only the prefork MPM,
it's pretty small. Perhaps the inauditability of the codebase could be
reconsidered? It's not like people aren't running Apache in pretty secure
production situations - it's at least secure enough for netbsd's own web
site (and openbsd's as well). Maybe we need a DAV module for publicfile?
:)
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 02:43:43 2002