Mac® Security Bible by Joe Kissell

18.1. The Basics of Running a Secure Web Server

I want to begin this section with a few words of reassurance. If you're running a simple website (or several) on your Mac, with only static content, such as text, pictures, and movies — and if you take a few simple, commonsense steps to protect your Mac — you're quite safe. With such a setup, your risk of suffering at the hands of web-trolling evildoers is barely higher than if you weren't running a web server at all. Fortunately, that's exactly what many home and small-office Mac users want to do.

The security risks involved in running a web server begin to creep in when you do any of the following:

  • Use Server Side Includes (SSI) or Common Gateway Interface (CGI) programs to put dynamic content on your pages

  • Use scripting languages, such as PHP, Perl, or Python, to process forms or perform other behind-the-scenes functions

  • Use databases, such as MySQL, to store data for your websites

    NOTE

    Database programs with built-in web servers, such as FileMaker Pro and Panorama, are largely resistant to the sorts of dangers that affect common Unix-based database engines.

  • Turn on software features without understanding what they do

  • Paste code into your web pages that you don't understand

If you're doing none of these — for example, merely sharing a blog or photo gallery you created in iWeb with your friends and family — you can skim over this chapter, double-check a few essential settings, and leave it at that. But if you're engaging in any of ...