iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Planning the iTP Secure WebServer PATHMON Environment
iTP Secure WebServer System Administrator’s Guide—522659-001
• No system dispatching is required to switch among threads in the same process.
Assigning a larger number of processes with a lower number of threads per server has
different benefits:
• Increased load balancing across CPUs
• Less susceptibility to CPU and process failures, and better fault isolation
The TANDEM_RECEIVE_DEPTH environment variable has no meaning for server
classes other than httpd.
Security for the Server’s Pathway Environment
When you plan your configuration of the PATHMON environment for the iTP Secure
WebServer, consider taking certain steps to enhance the security of the environment
itself. The following sections of this manual discuss how to manage the security of your
data and provide for secure transactions:
• Section 4, Configuring for Secure Transport
• Section 5, Integrating the WebSafe2 Internet Security Processor (WISP)
• Section 6, Managing the iTP Secure WebServer Using Scripts
The following subsections discuss issues to consider with respect to the iTP Secure
WebServer PATHMON environment:
• Who Can Modify the Configuration Files? (See below)
• Who Can Start/Stop the iTP Secure WebServer? (See below)
• What TCP/IP Port Is the Distributor Process Monitoring? (See below)
• Common Gateway Interface (CGI) Application Security Considerations (See page 3-6)
• Pathway CGI Server Class Considerations (See page 3-6)
Who Can Modify the Configuration Files?
By default, access to the /usr/tandem/webserver/admin/conf directory is restricted to the
owner of the directory structure. This is the user ID under which the iTP WebServer was
installed, as described in Section 2, Installing the iTP Secure WebServer. The directory
owner can grant anyone access to the directory, and the system supervisor can always
access it.
Who Can Start/Stop the iTP Secure WebServer?
The default iTP Secure WebServer configuration gives all users in the system execute
and read permission for the bin directory. Therefore, any individual can access the
bin/httpd file and specify a configuration file to start an iTP Secure WebServer. To
prevent users from starting their own servers, change the default security of the
bin directory, the security of the bin/httpd file, or both.
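
The following shell script is an added example, not part of the original manual: it audits the two permission settings discussed above and then tightens them. The function names, the demo tree, and the assumption that authorized administrators share the owner's group are hypothetical; only the admin/conf and bin/httpd paths come from the manual.

```sh
#!/bin/sh
# Added example: audit and tighten the permissions discussed above.
# Function names and the demo tree are hypothetical; only the admin/conf and
# bin/httpd paths come from the manual.

# Print the nine permission characters of a path, e.g. rwxr-xr-x.
perm_bits() { ls -ld "$1" | cut -c2-10; }

# True if group or other hold any permission on the path.
open_beyond_owner() { [ "$(perm_bits "$1" | cut -c4-9)" != "------" ]; }

# True if "other" may execute a file or search a directory.
other_can_exec() {
    case "$(perm_bits "$1" | cut -c9)" in x|t) return 0 ;; *) return 1 ;; esac
}

# Print one FINDING line per weak setting under the install root $1.
audit_webserver() {
    if open_beyond_owner "$1/admin/conf"; then
        echo "FINDING: $1/admin/conf ($(perm_bits "$1/admin/conf")) is open beyond its owner"
    fi
    # Starting a private server needs search on bin and execute on bin/httpd.
    if other_can_exec "$1/bin" && other_can_exec "$1/bin/httpd"; then
        echo "FINDING: any user can run $1/bin/httpd with a configuration file of their choice"
    fi
    return 0
}

# Assumption: administrators allowed to start the server share the owner's group.
restrict_webserver() {
    chmod go-rwx "$1/admin/conf"   # owner-only, the documented default
    chmod o-rwx "$1/bin/httpd"     # owner and group may still start the server
}

# Constructed demo tree with the default bin permissions and a loosened conf.
demo_root="${TMPDIR:-/tmp}/itp_demo.$$"
mkdir -p "$demo_root/admin/conf" "$demo_root/bin"
: > "$demo_root/bin/httpd"
chmod 755 "$demo_root/admin/conf" "$demo_root/bin" "$demo_root/bin/httpd"
audit_webserver "$demo_root"      # two findings
restrict_webserver "$demo_root"
audit_webserver "$demo_root"      # no findings
rm -rf "$demo_root"
```

To audit a real installation, call audit_webserver with the install root (for the paths in this manual, /usr/tandem/webserver) instead of the demo tree.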