
I am locked in a sort of argument with another techie... Said techie says that, for an internet-facing web server, using a non-standard port, e.g. 8080, is safer than using port 80. But I just don't get it. So, specifically for Apache running on RHEL, how much safer is a non-standard port compared to the default port?

On 2/16/11 5:27 PM, Peter Karunyu wrote:
> I am locked in a sort of argument with another techie...
> Said techie says that, for an internet-facing web server, using a non-standard port, e.g. 8080, is safer than using port 80.

Safer? - re security through obscurity!

> But I just don't get it. So, specifically for Apache running on RHEL, how much safer is a non-standard port compared to the default port?

Ports don't offer any security on the protocol itself. They only reduce the number of scans and attempts, since most are made on the standard ports.

Regards,
Michuki.

On Wed, Feb 16, 2011 at 5:27 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
> I am locked in a sort of argument with another techie...
> Said techie says that, for an internet-facing web server, using a non-standard port, e.g. 8080, is safer than using port 80.
> But I just don't get it. So, specifically for Apache running on RHEL, how much safer is a non-standard port compared to the default port?

It's a useless perception. Someone who wants to break into your server will first run a port scan to find out what port the service is listening on. Once identified, what matters is how securely the service is configured, not the port it is listening on.

However, your friend's argument holds some water for those who bank so much on "security by obscurity". Chuksjonia will break into your server anyway if you do not run a secure app, without any known flaws, whether you run it on port 808, 8081, etc.

As a matter of fact, the HTTP standard port is 80. So, if you decide to use 8080 or NNNN, you still have to redirect port 80 to 8080 (from the edge).

My 2cts

--
Best regards,
Odhiambo WASHINGTON,
Nairobi, KE
+254733744121/+254722743223
Damn!!

Provided a webserver is available through a public IP, the only question is how safe the application/service running on port X is. Period!

Participants (4):
- Michuki Mwangi
- Nd'wex Common
- Odhiambo Washington
- Peter Karunyu