tags:

views:

27

answers:

1
+1  Q: 

Including an embedded web server - possible issues with deployment.

While analyzing some approaches to making our web app easier to deploy on our customers' sites, one of the suggestions was to include an embeddable web server to save the customer from needing to configure/install Apache/IIS.

What are some drawbacks to this approach? Specifically, what are the possible issues that we could come across with an embeddable web server if the customer's server already has Apache/IIS running on the default port?

Have you seen this approach taken by any commercial products? If the goal is easier deployment with the least amount of "server surgery" needed during installation, is embedding a web server a viable approach? Or are there more beneficial ways to minimize deployment support?

A: 

I think one big drawback might be that they're going to be inheriting whatever security holes or default settings for Apache / IIS which are being brought in with the embeddable web server. If it's going to be locked down by a savvy network admin, accessed by a limited number of users or machines, etc., that's a different story, but if it's just going to be plopped on the network and visible and consumable to everyone who happens by that's a potential red flag.

Along with that you might also get stuck with upgrade issues, like if Apache or IIS, or some subcomponent your application requires like OpenSSL for example has some update come along to plug a security hole, will you then opt not to disrupt your customer's production environment because they're "most likely" not going to be a victim of that hole, or will you mandate that they upgrade or else you won't take responsibility for the consequences (even though, you whisper to yourself, you put them in that situation in the first place).

The only commercial products I've seen that do this in my limited experience are web appliance and router makers like Linksys, Sonic, Cisco, etc., with their onboard web interface. Usually though those devices are working with set and well-defined protocols and processes, whereas your application might not be so well-defined or straightforward.

Darth Continent  2009-07-28 19:26:42

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP