Monty J. Harder wrote:
On 1/30/06, Jeremy Fowler [email protected] wrote:
Well, I think the only security reason to run an http server on a port other than 80 is to hide it from the general public. Port scanners can get around this hurdle quite easily though. Plus, the fact that you SNAT port 80 to that
"Security through obscurity" isn't. The obscurity just makes it difficult for you to administer it. Put the stupid thing on port 80, do the split DNS that serves the internal IP to the internal machines, and if the internal IP must be changed, change it in DNS. What's the big deal?
The only thing I saw in the original post that would preclude running on port 80 was the desire to run as a non-root user.
This is kind of a moot point, however, as most any distribution will run Apache (or the webserver of your choice) with non-root permissions. The server gets launched as root only so it can start listening on port 80, then immediately drops permissions and runs as a different user (account typically specific to distribution and/or local configuration...Debian uses www-data).
-- Charles Steinkuehler [email protected]