Should server start if module cannot behave as configured?

[Dan Poirier <po...@pobox.com>]

mod_auth_digest cannot implement nonce-count checking or the md5-sess 
algorithm if the platform doesn't have shared memory.

Right now, if the admin configures either of these options and the 
platform doesn't have shared memory, the module issues a warning and 
continues without the requested option.

In my opinion, if a security check that the admin requested in the 
configuration cannot be implemented, it should be more than a warning; 
it should be a fatal startup error.

What's the consensus on changing this?

1) What's the right behavior?

2) If it should be changed, what's the best way to do it?  The change 
could break configurations that currently appear to "work", although 
they're not really doing what the admin configured them to do.

Thanks,
Dan

Re: Should server start if module cannot behave as configured?

[Dan Poirier <po...@pobox.com>]

On 09/09/2009 10:57 AM, Jeff Trawick wrote:
>     2) If it should be changed, what's the best way to do it?  The
>     change could break configurations that currently appear to "work",
>     although they're not really doing what the admin configured them to do.
>
>
> how many affected configurations are we talking about?
>
> * did anything that needed shared memory really work before your recent
> fixes?

No.

> * are either of these unsupported features the default?

No.

> * what platforms have no APR support for shared memory?

That I don't know.

But it seems like I probably don't need to worry too much about breaking 
configurations.  The number of users who have turned on these 
unsupported features even though they don't work is probably pretty small.

Dan

RE: Should server start if module cannot behave as configured?

["Plüm, Rüdiger, VF-Group" <ru...@vodafone.com>]

 


________________________________

	From: Jeff Trawick Sent: Mittwoch, 9. September 2009 16:58
	To: dev@httpd.apache.org
	Subject: Re: Should server start if module cannot behave as configured?
	
	
	On Wed, Sep 9, 2009 at 8:57 AM, Dan Poirier <po...@pobox.com> wrote:
	

		mod_auth_digest cannot implement nonce-count checking or the md5-sess algorithm if the platform doesn't have shared memory.
		
		Right now, if the admin configures either of these options and the platform doesn't have shared memory, the module issues a warning and continues without the requested option.
		
		In my opinion, if a security check that the admin requested in the configuration cannot be implemented, it should be more than a warning; it should be a fatal startup error.
		
		What's the consensus on changing this?
		
		1) What's the right behavior?
		


	fail at startup 
	 
	+1
	 
	Regards
	 
	Rüdiger 
	 
	

Re: Should server start if module cannot behave as configured?

[Jeff Trawick <tr...@gmail.com>]

On Wed, Sep 9, 2009 at 8:57 AM, Dan Poirier <po...@pobox.com> wrote:

> mod_auth_digest cannot implement nonce-count checking or the md5-sess
> algorithm if the platform doesn't have shared memory.
>
> Right now, if the admin configures either of these options and the platform
> doesn't have shared memory, the module issues a warning and continues
> without the requested option.
>
> In my opinion, if a security check that the admin requested in the
> configuration cannot be implemented, it should be more than a warning; it
> should be a fatal startup error.
>
> What's the consensus on changing this?
>
> 1) What's the right behavior?
>

fail at startup


>
> 2) If it should be changed, what's the best way to do it?  The change could
> break configurations that currently appear to "work", although they're not
> really doing what the admin configured them to do.
>

how many affected configurations are we talking about?

* did anything that needed shared memory really work before your recent
fixes?
* are either of these unsupported features the default?
* what platforms have no APR support for shared memory?