OpenSales.org: Securing Apache for AllCommerceJun 23, 2000, 06:18 (0 Talkback[s])
(Other stories by Arne W. Flones)
"With millions of computers worldwide connected onto a common backbone, software installation is no longer a "plug and play" affair. This is especially true of software designed to serve documents on the Web. It is not possible to merely sit back and enjoy the benefits of running Web-enabled software. Instead one must be proactive in ensuring that the software, and the information it gathers, remains secure, uncorrupted and to the best extent possible, incorruptible. Nowhere is this more true than for e-commerce software, such as AllCommerce."
"There is no best way to do this except to be paranoid about every detail, pay attention to security alerts and trust no one. Fortunately, Apache has some recommendations. Here is how to put them in practice for AllCommerce."
"The basic procedure is to start by nailing *everything* down to the most secure configuration. Then, as needed, enable individual capabilities. Let's start with the Apache server file ownership and permissions."