At 12:54 PM 7/10/2002, you wrote: > That's the responsibility of Windows. By forcing admin privileges to call >apache -k * isn't creating any kind of security. Anybody could create a >simple >five like program or open up services from the control panel to control apache >if their account has the rights to do so. Just because apache.exe and AM >forces >admin requirements, the system does not. > >But I think I see what you're saying and to enforce that we'd need to add >account >checking to the startup code, not the service control code.
We aren't enforcing anything. What we've tried to do is to assure that AM and apache -k foo will do what they are -allowed- to do under the user's current permissions, crippling only the features that the user is -denied-. So if the Apache service is set up to run as effectively nobody, it won't be fixing the service 'Description' to the server string. Big deal. That shouldn't mean it fails, only that the one feature can't be supported [and we should continue.] Apache can and does only does what it's allowed to do. Bill
