OS X Personal Web Sharing - how safe?

Discussion in 'macOS' started by nagromme, Mar 8, 2007.

  1. nagromme macrumors G5


    May 2, 2002
    I've always turned PWS off when not in use, but it would be nice to have it up and ready 24/7 so people can grab certain (yes, legal) files from me any time.

    * It would be running in a non-admin account. On a vital machine, but no vital files in that particular account.

    * It would be at an address posted publicly (not here :) )

    * It runs OS X firewall and is behind a DSL router's firewall. Fully-patched Tiger system.

    How safe is this? What ways might people exploit Apache to get at my system? It makes me nervous but it would sure be nice! Talk me into it or talk me out of it :)


    (Ultimate goal is to deliver maps and mods for a UT2004 server. But the server is my laptop, which makes it important when I travel.)
  2. Eraserhead macrumors G4


    Nov 3, 2005
    Why not set up some webhosting? I mean ASO is $25 a year for 75MB space and 3GB bandwidth or $50/year for 400MB and 10GB bandwidth and they are highly recommended on MR (e uses them, and I do too but only for a short time.)
  3. nagromme thread starter macrumors G5


    May 2, 2002
    Good thought. In this case, it's a hobby thing and not worth any money to me :) but thanks for the link! I'll keep it in mind.

    Also, it's about 15 GB of files, only a few of which are needed at any one time but the set changes and must be refreshed--which would mean a massive upload from my end every so often.
  4. MisterMe macrumors G4


    Jul 17, 2002
    The US Army switched to Macs running MacOS 9/MacHTTP for its webserver back in the day. Today, it runs MacOS X/4D WebSTAR. The Army had been running Windows, but switched to the Mac for security reasons. Personal Web Sharing is an implementation of open-source Apache, the most popular webserver in the world. 4D WebSTAR is the commercial version of pioneering shareware webserver MacHTTP. I am aware of no security advantage one way or the other between 4D WebSTAR and Apache. You may have more pressing security concerns, but Mac webservers work just fine for the US Army.
  5. Super Macho Man macrumors 6502a

    Jul 24, 2006
    Hollywood, CA
    I would not worry about it at all. Regardless of what user you're logged in as when you turn it on in System Prefs, Apache runs under its own unprivileged account, so even if it could be exploited in some way, it would be very unlikely that that attack could result in root access. The version that ships with OS X (Apache 1.3) is old, stable, and well-tested. Just double-check your permissions in your web-accessible folders, give those folders and the files within them no more permissions than they need, make sure they are owned by the proper account (www:www in /Library/WebServer/Documents and you:you in ~/Sites) and you'll be fine.
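
The permission double-check suggested in the last reply can be scripted. The following is an added example, not part of the thread: it walks a web-accessible folder and reports entries with an unexpected owner, world-writable entries, and regular files carrying setuid/setgid or executable bits. The function names are hypothetical, and it assumes the folder holds only static downloads (so no file needs to be executable) and that the expected owner is passed as a numeric uid.

```python
import os
import stat
import sys

def check_entry(path, expected_uid):
    """Return the list of problems found for one file or directory."""
    st = os.lstat(path)
    mode = st.st_mode
    if stat.S_ISLNK(mode):
        return []  # mode bits on the symlink itself are not meaningful
    issues = []
    if st.st_uid != expected_uid:
        issues.append("unexpected owner uid %d" % st.st_uid)
    if mode & stat.S_IWOTH:
        issues.append("world-writable")
    if stat.S_ISREG(mode):
        if mode & (stat.S_ISUID | stat.S_ISGID):
            issues.append("setuid/setgid bit set")
        # Assumption: static downloads never need to be executable.
        if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            issues.append("executable bit on a static file")
    return issues

def audit_web_root(root, expected_uid):
    """Walk root and return {path: [issues]} for every entry with a problem."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        # Check the directory itself, then each file directly inside it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            issues = check_entry(path, expected_uid)
            if issues:
                findings[path] = issues
    return findings

if __name__ == "__main__":
    # Defaults to ~/Sites and the current user; pass another folder as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Sites")
    for path, issues in sorted(audit_web_root(root, os.getuid()).items()):
        print("%s: %s" % (path, ", ".join(issues)))
```

For /Library/WebServer/Documents, pass the numeric uid of the www account as `expected_uid` instead of the current user.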
