Re: [Cppcms-users] Front-end http server without upload buffering
From: Artyom <art...@ya...> - 2010-11-23 19:02:15
> > Do you know of any lightweight webserver that will allow to passthrough
> the body to cppcms without buffering?
> Have you tried Cherokee or Apache? (I don't know if they do this or not)
> Or is the only solution to run cppcms in standalone mode as its own webserver?
> Where'd be the risks to do so?

If your proxy sanitizes the HTML input and handles timeouts it is fine.
To be honest, even if it handles timeouts I think there shouldn't be any problems.

Generally I don't think there should be any security holes in the internal HTTP server, with the exception of:

1. It does not handle timeouts - so it is very vulnerable against DoS attacks.
2. It supports only basic HTTP/1.0 and I'm not sure that its internal file server has good enough security checks.
3. It lacks SSL/HTTPS support.

So generally if:

1. If you run it behind a proxy that handles DoS and timeouts for you.
2. If you **do not** serve files (i.e. use the internal file server)
3. Do not require SSL, HTTP Authentication or any other advanced feature
4. You do not require strict handling of various HTTP headers (i.e. composing several same-type headers into one as required by the HTTP specification)

Then it should be fine, as I don't think that other web servers do many more checks on the protocol itself than I do.

However, I haven't done any stress testing for the HTTP server and it is not a server that has been tested by a wide audience for security etc.

Bottom line:

1. If you use the HTTP protocol in a **trusted** environment it is OK. I mean, if your user has physical access to the device, I'm not sure how much protection you can provide at all, especially when you **do** upload code that would run on the device.
2. If you use it behind an HTTP proxy that fully sanitizes the input and you don't serve files from the internal file server it is OK.
3. If you use it behind a proxy with great care (make sure that timeouts are handled properly and you don't serve files) then it should be fine as well.

And finally, if you are really paranoid about security, define a chroot to some directory where you know the user can't do too much harm (CppCMS supports chrooting, but on the other hand - you upload firmware - the code that would run... so it is meaningless).

Additional notice:
------------------

I do plan at some point in the future to make the HTTP server much more secure and introduce HTTP/1.1, better file serving and probably even SSL (mostly as part of the creation of Web-Sockets support, which can't be used with the current FastCGI or SCGI protocols).

But it is lots of work that I have no time to do at this point.

Generally there is not a lot of work to make it production safe, but this mostly requires support study of what is required to be implemented in an HTTP web server to make it secure - i.e. what and how to handle.

Artyom
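
The conditions listed in the message above can be checked mechanically against a deployment's configuration. The following is an added example, not part of the original message and not CppCMS code: the `audit` function and finding names are hypothetical, the two configs are constructed, and the key names (`service.api`, `service.ip`, `file_server.enable`, `daemon.enable`, `daemon.chroot`) are assumed from CppCMS's JSON config layout. It also assumes the front-end proxy runs on the same host, so the built-in server should listen on loopback only.

```python
import ipaddress
import json

# Constructed sample configs. Key names (service.api/ip, file_server.enable,
# daemon.enable/chroot) are assumed from CppCMS's config layout.
EXPOSED = json.loads("""{
  "service": {"api": "http", "ip": "0.0.0.0", "port": 8080},
  "file_server": {"enable": true, "document_root": "."}
}""")
BEHIND_PROXY = json.loads("""{
  "service": {"api": "http", "ip": "127.0.0.1", "port": 8080},
  "file_server": {"enable": false},
  "daemon": {"enable": true, "chroot": "/var/empty"}
}""")


def is_loopback(ip):
    """True only for literal loopback addresses; hostnames count as exposed."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def audit(cfg):
    """Return finding names for a config that uses the built-in HTTP server."""
    service = cfg.get("service", {})
    if service.get("api") != "http":
        return []  # FastCGI/SCGI: the front-end web server parses HTTP
    findings = []
    # No timeout handling in the built-in server: only the proxy, assumed to
    # run on the same host, should be able to connect (assumed default ip).
    if not is_loopback(service.get("ip", "127.0.0.1")):
        findings.append("http-listener-not-loopback")
    # The internal file server is the part flagged as weakly checked.
    if cfg.get("file_server", {}).get("enable", False):
        findings.append("internal-file-server-enabled")
    # chroot is optional hardening, reported as advisory.
    daemon = cfg.get("daemon", {})
    if not (daemon.get("enable") and daemon.get("chroot")):
        findings.append("no-chroot")
    return findings


if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("BEHIND_PROXY", BEHIND_PROXY)):
        print(name, audit(cfg) or "ok")
```

The check covers only what the application config can show; timeout and DoS handling still have to be verified on the proxy itself.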