Lawrence
04-20-2001, 05:36 AM
I was just having a bit of a think the other day (not all that shocking I assure you), about some security stuff running server software on your own PC.
I run Apache just on my PC when I'm writing CGI scripts. That's like my development environment. Now for some strange reason I've got two instances of Apache running when I start up my computer (eh, I don't care, I've got plenty of CPU to burn, maybe I should get SETI and let that burn it). I can't terminate them, because I get permission denied (that's Win 2000 for you, thinks it's smarter than you are).
Now I guess there's somewhat of a security risk when I happen to be browsing the web and I've got Apache running (twice in fact). I think I've killed them (something to do with installing Apache as a service?), but basically all you need is my IP address to view the stuff on my PC that's in Apache's directory (Note to would be attackers - it's disabled now!). Considering that forum's like this record IPs (and display them), it makes it even more risky.
Now, I don't know about others, but when I've got apache on my own machine, I just open the security right up - allow everything, everywhere, because hey, it's only me on the computer right? I guess my security is like having a hamster guard the front door.
I'm not worried, just something I was thinking about. Anyone ever had any trouble with doing this sort of thing?
Then there's IIS... but it's all nicely under wraps until I need it :)
I run Apache just on my PC when I'm writing CGI scripts. That's like my development environment. Now for some strange reason I've got two instances of Apache running when I start up my computer (eh, I don't care, I've got plenty of CPU to burn, maybe I should get SETI and let that burn it). I can't terminate them, because I get permission denied (that's Win 2000 for you, thinks it's smarter than you are).
Now I guess there's somewhat of a security risk when I happen to be browsing the web and I've got Apache running (twice in fact). I think I've killed them (something to do with installing Apache as a service?), but basically all you need is my IP address to view the stuff on my PC that's in Apache's directory (Note to would be attackers - it's disabled now!). Considering that forum's like this record IPs (and display them), it makes it even more risky.
Now, I don't know about others, but when I've got apache on my own machine, I just open the security right up - allow everything, everywhere, because hey, it's only me on the computer right? I guess my security is like having a hamster guard the front door.
I'm not worried, just something I was thinking about. Anyone ever had any trouble with doing this sort of thing?
Then there's IIS... but it's all nicely under wraps until I need it :)