Having the port open is probably something of a concern.
However you configure this thing, the web server will need,
via cgi scripts, to have access to your linuxbios source
tree at a minimum. If you're running this on an exposed
host, you'll likely want to be careful.
I took another look at the boa configuration options, and
don't see that you can explicitly limit access by IP address
or anything. However, you can have it bind to a specific
IP address. Thus, one approach would be to have it bind only
to 127.0.0.1. As long as you don't allow ip forwarding on
your machine, this should block access to boa from anywhere
but processes on your local machine, and in any event you'd
have to be accepting source routed packets to get through
to that address. If you're accepting source routed packets,
I think all bets are off :-)
Another option, which would allow more limited exposure,
would be to use firewalling on your machine to filter where
access could come from. You could do this on a port basis
if you run the web server on the external interface, or
at an IP routing basis if you run it on an internal, virtual
interface.
If the security or configurabilty of boa turns out not to
be sufficient for this application (I picked it based on
a whole five minutes of research on freshmeat :) there's a
bunch of other options. thttpd may ultimately be a better
choice, for example.
Finally, there's always the option of running it under
apache, on port 80. I was just looking for something that
gave people a simpler option.
--Bob
On Thu, Jul 05, 2001 at 08:45:06PM -0600, Ronald G Minnich wrote:
> this is pretty cool. One question, does having this port open leave you
> open to having nasty people do terrible things. Can you have an ssh tunnel
> or some such to boa.
>
> ron
