getting rid of apache passphrase
freebsd.ph at gmail.com
Thu Jul 13 15:09:33 UTC 2006
On 7/13/06, Jerry McAllister <jerrymc at clunix.cl.msu.edu> wrote:
> > hello people,
> > just want to ask if getting rid of the apache passphrase poses a
> > threat, i don't want the company i worked for calling me up everytime
> > cant access the webserver because the server is asking for the
> > everytime the box restarts du to power failure.
> Depends on how good your control of access to the server is.
> In my case for example, I control physical access to the machine.
> That could be, and has been a problem when I was away and power
> went out, to get things back up, so I got rid of the passphrase.
> Now, as long as the fsck-s clear at boot time, the server makes
> it all the way back up without intervention.
> But, if you have a lot of people running around, even if ignorant,
> then you might want to think again about eliminating it.
> It is less likely to be a concern for remote access, but could come
> up, especially if someone gets root to your server. Of course, then
> all bets are off anyway.
> yeah there are lots of ignorant people here in our organization :D, that
> is why all my nix servers are headless since we don't have room to secure
> them physically. thanks for your all your opinions :)
More information about the freebsd-questions