I agree . Make it work first......second I must have missed your post of
using Htaccess to authenticate the user (and for the more paranoid run it under
SSL ) . In my case I am lucky as I am the only one who would dare touch a conf
file on our servers (not by experience , but out of fear , of both my anger ,
and really screwing something up they don't understand and me having to fix it
:)
A couple of other considerations I ( and I say I) think are important is
that the server need to be able to be restarted in two different failsafe
scenarios. 1 being , this config tool pukes out a bogus conf file , and the
server docent want to restart using it , if we are using a Web based config
tool it needs to have a second unadulterated config file that it will restart
with so we can have web access to the server again so we can create (or
restore) a config file it doesn't fail on . So say after 2 minutes if the
server isn't running it grabs another config file to restart, if it wont
restart for 5 more minutes ( because we screwed something up royal) then more
drastic measures need to be taken (i.e. shutdown -r now) ....( I don't want to
be on vacation and have to drive back to restart the server because the web
based admin. I am using has killed the web server that it is using to do admin.
:)...........2 being should the first happen and a rebbot doesn't make things
virgin again through the scripts/code it was supposed to we still need to make
things right again, so .......here is where my brain fails...yet again......how
to start web service on a server (that say for the absolutely paranoid) has NO
ssh , telnet, or X access ....a way to restart the server with some virgin conf
files so thing are at least as they were before our program screwed it up :)
..........which I assure you will happen maybe only in alpha , maybe in beta ,
but it will happen somewhere ( my personal paranoia is a system not restarting
clean:)..........
Some of these concerns arise from when I tried to make APCON (funny the
Copyright was still open then on that name is it now with the conference
)(which some of you may remeber from 6 months ago (the NT based admin tool that
broke miserably when it came to restarting th server) web based , as it had a
nice tendency of killing the server only to hang on restart because VB was
passing some funky nulls......( a bug which a month ago M$ admitted:)
.....anyway ..........Im ready to code......gimme a direction , a cause , a
reason , and a reward .....Im ready to go .......I assume the direction is to
remote admin Apache, .......the direction is to make it idiot proof
.................the reson is to make my life easier..........and the reward,
eternal glory in the life of a GNU app.............This is gonna be GNU right
????? has liscencing ever been discussed here...??????.....Heck Ive garnered
some Ideas ....heck with it, this saved me market research costs......have fun
all......later..........any thieves from M$ can speak up now..........:) yeah
right .........
Chris Wertman ...............
thats pronounced wwwwooooooorrrrrrrrrT ......MAN .............
NOT WORKMEN,WORTMEN ....or anything of the like ..........
And Im just punchy enough to sleep............
Gary E. Bickford wrote:
> At 7:01 PM -0500 9/9/98, Chris Wertman wrote:
> >Look hee I am discussing security .....sheeze.....Anyway not being that
> >familiar
> >with Java in a personal form , does Java have safegaurds to address the
> >different
> >types of security problems that will be found on both platforms..?
>
> Heh, heh!! Jee, I dunno. I think Java itself isn't the problem, but the
> same kinds of issues as if you had a program running on the server that had
> write access to the server config and startup files... SUID issues, etc.
> I maintain that having an ACL mechanism (use htpasswd even - we use
> htpasswd-generated files for authentication of a number of things on our
> server) is probably sufficient for most users. Make it work first.
>
> (OK, everybody who's got their httpd.conf or whatever editable by
> themselves, or members of a group containing the web server user, raise
> your hand - don't be bashful!!)
> GEB
> Gary E. Bickford, [EMAIL PROTECTED]
> Sr. Systems Administrator, Connect Schlumberger http://www.connect.slb.com
>
