[techtalk] Secure web server...

Vinnie Surmonde drachen at george.he.net
Fri Oct 15 18:37:40 EST 1999


On Fri, 15 Oct 1999, Walt wrote:

> 1) What kind of server hardware am I looking at having to buy for
> this project? (I would NOT expect more than 100 simultaneous
> users or, as I said above,  to exceed my 512k)

Probably not that much..If you want to go intel and by new, I'd spec out
something like a pII whatever (doesn't matter that much) with 64 or 128 MB
ram (depends on how price sensitive you are, obviously) and a few gigs for
hard drive space and a decent nic

> 2) What is involved in making a 'secure' website? (Please note: I
> am _nearly_ a complete newbie to linux, and I only have a 
> somewhat-greater-than-working-knowledge of HTML.)

if it's just password stuff (and you're not worried about sniffers) use
apache, read up on .htaccess files. There's not any huge randomness
anywhere. I prefer to compile apache rather than use packages, but that's
me. Read the docs and it's fairly straightforward.

If you also want encryption and you're not reselling space to customers,
use apache-SSL -- it's also fairly straightforward. If you are reselling
the licensing gets hairy -- or at least did as of last yearish..I've heard
it's simpler now, but you might want to get the advice of someone who has
dug into the issue more recently. Raven is a good and cheap (apache and
apache-SSL are free) alternative to apache-SSL if the RSA licensing fees
are prohibitive for what you're doing...if you're not reselling it
shouldn't be a big deal, though. It's probably detailed in teh apache-SSL
license, though.

> I know this can be a broad question. :-) But basically, I only
> want to know the non-obvious buggy type problems that I'll
> run into and the software from which I should expect to get the
> best results. I'm a pretty quick learner and I'm studying O'Reilly's
> Programming Perl and I know Java.

that's web development..I know nothing about that ;)

Vinnie
--
Reality is a formality, an agreed upon set of lies -- J.D. Catron
Obligatory pathetic website at http://george.he.net/~drachen


************
techtalk at linuxchix.org   http://www.linuxchix.org




More information about the Techtalk mailing list