[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Best Hidden Service web server?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Best Hidden Service web server?
- From: Anders Andersson <pipatron@xxxxxxxxx>
- Date: Sun, 9 Jan 2011 11:44:04 +0100
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 09 Jan 2011 05:44:10 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=CU9KXvU8wkx0AnEMhifG+4XARVxXPC8Y5pGrD4Cp7AM=; b=sLvlqEUf772wEMSfhF4Yxqi82wSNAu4LwgqTvUVLI7yTe980JAlZCakLoPEoUhef4x NN52u32KkNnB4E5u/oPeZ9VzWMKNdiQKjKMQKIeVv9MvGSetGKiM2aC9x423UtfWN7sz lfbyE1BAmpbb8/gIrgqRIQczNZIPYSOGwO1hg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=gv27qj5YNrym3T/u1UpnDSAcl3SH8i61uNSikJOeiTuc04j4XcQwKrOy1zx3efX6OC dcwXNzS4P7bU5eUDZVFDI8f/1SQdw7Goh64pYHwSd48pNZWRa1UMwIH9q+e+ljje13sr pcSLMu6wWjYTrdoBE2t8AMGiTFbAGUSw2sl4c=
- In-reply-to: <N1-IEt7SpP3D_@xxxxxxxxxxxxx>
- References: <N1-IEt7SpP3D_@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Sun, Jan 9, 2011 at 7:37 AM, <hikki@xxxxxxxxxxxxx> wrote:
> -------- Original Message --------
> From: Orionjur Tor-admin <tor-admin@xxxxxxxxxxxxxxxxxx>
>
>> Is it a bad idea to use an apache for a hidden serice?
>
> Not at all. I'm actually recommending it over any other because it's complex
> and has a lot of traps for you to fall into. That sounds ridiculous right?
> No it isn't, because that will force you to learn it and secure it, instead
> of just relying on a simple and easy to use webserver without having any
> intention of learning anything about security. Security should be your main
> concern and main focus as a hidden service operator, not taking the easy
> route and then lay back and think that your safe just because you installed
> a simple and lightweight webserver.
So you are actually recommending a piece of software with thousands of
options with no real idea what the default will allow, 90% of which
the average home-hoster will not need and will thus not test. And this
over, say, some minimalistic 1000 LOC static-page server? And this for
security?
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/