durusmail: quixote-users: Dumb mod_scgi / Apache 2 question
Dumb mod_scgi / Apache 2 question
John Speno
2005-06-15
On Jun 15, 2005, at 9:46 AM, Matt Patterson wrote:
> I regard TCP sockets as a greater security risk than file-based
> sockets.
>
> So, having lots of them in existence for the sole purpose of being
> an SCGI transport - never being used by anything other than Apache
> - seems to me to be messy. I need to firewall all those ports, but
> I can't really restrict them beyond any external network
> interfaces: the ports are still open on the loopback interface.
>
> With file-based sockets I can at least restrict the permissions to
> prevent users other than apache and quixote reading / writing to
> the sockets
>
> Does that make sense?

Certainly. Thanks for the explanation.

And as David Cooke pointed out, there could also be a performance
improvement to be had here.

Now I want unix domain sockets too. Are you working up a patch? I may
try my hand at it for apache1.

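The permission restriction on file-based sockets discussed in this thread, as an added example (not code from the thread, mod_scgi or Quixote): it binds a Unix domain socket that is never world-accessible and audits an existing socket path for loose permissions. The helper names, the `quixote.sock` filename and the 0660 mode (backend user plus a group shared with the web server) are assumptions.

```python
import os
import socket
import stat
import tempfile


def bind_private_socket(path, mode=0o660):
    """Bind a Unix domain stream socket at `path`, then apply `mode`."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Tight umask so the socket is never world-accessible, not even in
    # the window between bind() and chmod().
    old_umask = os.umask(0o177)
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)  # assumed policy: owner + shared group only
    srv.listen(5)
    return srv


def audit_socket(path):
    """Return a list of permission problems for the socket at `path`."""
    problems = []
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        problems.append("not a socket")
    if st.st_mode & stat.S_IRWXO:
        problems.append("socket accessible to other users")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        problems.append("parent directory is world-writable")
    return problems


def demo():
    """Constructed demo: bind in a private temp dir, loosen, re-audit."""
    with tempfile.TemporaryDirectory() as d:    # created with mode 0700
        path = os.path.join(d, "quixote.sock")  # hypothetical socket name
        srv = bind_private_socket(path)
        try:
            tight = audit_socket(path)
            os.chmod(path, 0o666)               # the misconfiguration to catch
            loose = audit_socket(path)
        finally:
            srv.close()
        return tight, loose
```

On Linux, connecting requires write permission on the socket file itself; some older BSD-derived systems ignore socket file modes, so keeping the socket in a directory with restricted permissions is the portable control.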