Help secure your web applications with mod_ssl and suEXEC.
server security is a
issue these days, especially since people are always finding new and
creative ways to put the Web to use. If you’re using
any sort of web application that needs to handle authentication or
provides some sort of restricted information, you should seriously
consider installing a web server with SSL capabilities. Without SSL,
any authentication information your users send to the web server is
sent over the network in the clear, and any information that clients
can access can be viewed by anyone with a sniffer. If you are already
using Apache, you can easily add SSL capabilities with
In addition, if your web server serves up dynamic content for multiple users, you may want to enable Apache’s suEXEC functionality. suEXEC allows your web server to execute server-side scripts as the user that owns them, rather than as the account under which the web server is running. Otherwise, any user could create a script and run code as the account the web server is running under. This is a bad thing, particularly on a multiuser web server. If you don’t review the scripts that your users write before allowing them to be run, they could very well write code that allows them to access other users’ data or other sensitive information, such as database accounts and passwords.
To compile Apache
mod_ssl, download the appropriate