SoC Project: Improving Hidden Service Security and Usability
Juliusz.Chroboczek at pps.jussieu.fr
Mon Jun 1 18:57:54 UTC 2009
>> Specifically, I will be creating a how-to guide for securing standard
>> LAMP servers as well as a script that will help Linux users set them up.
>> I have a few ideas for locking down apache, php, etc. but I would
>> appreciate any other ideas admins of hidden services have as well as
>> suggestions on how to implement them.
> Interesting. I've always been conflicted about whether it's possible to
> distill enough how-to advice that novices can actually safely set up a
> complex (i.e. more than just static html) website.
Not to get into a « my Emacs is better than your vi » discussion, but
I've had excellent experiences with Lighttpd. I've also found the code
to be much cleaner than that of thttpd.
Whatever the web server, PHP is a security disaster, and I wouldn't
dream of putting it on a hidden service.
P.S. « PHP is a minor evil perpetrated and created by incompetent amateurs,
whereas Perl is a great and insidious evil, perpetrated by skilled
but perverted professionals. » — Jon Ribbens
More information about the tor-talk