getting rid of apache passphrase
Jerry McAllister
jerrymc at clunix.cl.msu.edu
Thu Jul 13 15:05:11 UTC 2006
>
> hello people,
>
> just want to ask if getting rid of the apache passphrase poses a security
> threat, i don't want the company i worked for calling me up everytime they
> cant access the webserver because the server is asking for the passphrase
> everytime the box restarts du to power failure.
Depends on how good your control of access to the server is.
In my case for example, I control physical access to the machine.
That could be, and has been a problem when I was away and power
went out, to get things back up, so I got rid of the passphrase.
Now, as long as the fsck-s clear at boot time, the server makes
it all the way back up without intervention.
But, if you have a lot of people running around, even if ignorant,
then you might want to think again about eliminating it.
It is less likely to be a concern for remote access, but could come
up, especially if someone gets root to your server. Of course, then
all bets are off anyway.
////jerry
>
> TIA
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list