getting rid of apache passphrase

Jerry McAllister jerrymc at clunix.cl.msu.edu
Thu Jul 13 15:05:11 UTC 2006


> 
> hello people,
> 
> just want to ask if getting rid of the apache passphrase poses a security
> threat, i don't want the company i worked for calling me up everytime they
> cant access the webserver because the server is asking for the passphrase
> everytime the box restarts du to power failure.

Depends on how good your control of access to the server is.
In my case for example, I control physical access to the machine.
That could be, and has been a problem when I was away and power 
went out, to get things back up, so I got rid of the passphrase.
Now, as long as the fsck-s clear at boot time, the server makes
it all the way back up without intervention.

But, if you have a lot of people running around, even if ignorant,
then you might want to think again about eliminating it.

It is less likely to be a concern for remote access, but could come
up, especially if someone gets root to your server.   Of course, then
all bets are off anyway.

////jerry

> 
> TIA
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"


More information about the freebsd-questions mailing list