Loading ...
Sorry, an error occurred while loading the content.

RE: Apache ASP and Virtual Hosting

Expand Messages
  • Joel Hughes
    Hi, have you looked at http://chamas.com/bench/? This gives you some food for thought regarding performance - but it wont address your security questions. joel
    Message 1 of 3 , Aug 6 3:13 AM
    • 0 Attachment
      Hi,
      have you looked at http://chamas.com/bench/?

      This gives you some food for thought regarding performance - but it wont
      address your security questions.

      joel

      -----Original Message-----
      From: bigbadchimpman [mailto:bigbadchimpman@...]
      Sent: 06 August 2002 04:52
      To: asp@...
      Subject: Apache ASP and Virtual Hosting




      Hi,

      I'm wondering if anyone has used Apache ASP in a Commercial hosting
      environment. I'm am building a new FreeBSD - Apache virtual hosting
      server. Not sure how scalable apache-asp is ? or what security issues
      may arise from installing it ?

      Any comments would be appreciated.




      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...





      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Josh Chamas
      ... About security, Apache::ASP has no more security concerns than running mod_perl. To my knowledge neither mod_perl nor Apache::ASP themselves have any
      Message 2 of 3 , Aug 7 4:36 PM
      • 0 Attachment
        bigbadchimpman wrote:
        >
        > Hi,
        >
        > I'm wondering if anyone has used Apache ASP in a Commercial hosting
        > environment. I'm am building a new FreeBSD - Apache virtual hosting
        > server. Not sure how scalable apache-asp is ? or what security issues
        > may arise from installing it ?
        >
        > Any comments would be appreciated.
        >
        >

        About security, Apache::ASP has no more security concerns
        than running mod_perl. To my knowledge neither mod_perl
        nor Apache::ASP themselves have any security holes. There
        was one examples file that shipped with Apache::ASP that had
        a security hole a couple years back, but that's it.

        Using mod_perl itself in a shared environment is fine as
        long as many developers / users are not sharing the same
        executing mod_perl/apache httpd. Because mod_perl is
        persistent across requests, sharing between users could
        result in one user being able to connect to another user's
        database for example. So this kind of use is not secure.
        However, if a user has their own non-shared httpd running,
        then it should be as safe as anything else one can run
        in a virtual hosted environment. The apache/mod_perl httpd
        should probably be running as that user's username in that
        shared hosting environment.

        A final note about security... while I do not know of any
        security holes in Apache::ASP or mod_perl, that is not to
        say that security exploits might not be discovered now or
        in the future. This latter is true with any software.

        Regards,

        Josh
        ________________________________________________________________
        Josh Chamas, Founder phone:714-625-4051
        Chamas Enterprises Inc. http://www.chamas.com
        NodeWorks Link Checking http://www.nodeworks.com


        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...
      Your message has been successfully submitted and would be delivered to recipients shortly.