Many people seem to have the impression that security=ssl enabled, and in
some ways it does enhance security, but, it's certainly by no means the
end of the game, nor the beginning. security begins with the OS install.
Not adding packages known to be exploitable , closing out un-needed services
you probably want to look at .htaccess which would prompt people for userid
and password to access certain parts of your webserver.
ssl provides encryption so that data being sent back and forth between your
server and the client can't be easily read.
At 03:37 PM 7/30/2002, you wrote:
>Hello,
For that you do not want SSL. Checkout:
http://httpd.apache.org/docs-2.0/howto/auth.html
For an introduction to SSL and Apache, you can check
out a chapter I have online :
http://apacheworld.org/ty24/site.chapter17.html
Cheers
Daniel
On Tue, Jul 30, 2002 at 02:37:14PM -0500, Henning, Brian wr
Hello,
I am new to the ssl world. Right now I am running w2k with apache 1.3.23 web
server. I downloaded the mod_ssl package from the website. I changed the
port on my apache web server to 443. On a high level what do i need to do to
create a secure web server? I guess my real problem is i don't k