[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Best Hidden Service web server?



On Sun, Jan 9, 2011 at 7:37 AM,  <hikki@xxxxxxxxxxxxx> wrote:
> -------- Original Message --------
> From: Orionjur Tor-admin <tor-admin@xxxxxxxxxxxxxxxxxx>
>
>> Is it a bad idea to use an apache for a hidden serice?
>
> Not at all. I'm actually recommending it over any other because it's complex
> and has a lot of traps for you to fall into. That sounds ridiculous right?
> No it isn't, because that will force you to learn it and secure it, instead
> of just relying on a simple and easy to use webserver without having any
> intention of learning anything about security. Security should be your main
> concern and main focus as a hidden service operator, not taking the easy
> route and then lay back and think that your safe just because you installed
> a simple and lightweight webserver.

So you are actually recommending a piece of software with thousands of
options with no real idea what the default will allow, 90% of which
the average home-hoster will not need and will thus not test. And this
over, say, some minimalistic 1000 LOC static-page server? And this for
security?
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/