Glossary
A
- algorithm: An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are called ciphers.
- Apache: A free UNIX Web server that forms the core of the Stronghold server. See the Apache HTTPD Server Project site at http://www.apache.org.
- authentication: The positive identification of a network entity as a server, a client, or a user.
- AxKit: An XML Application Server for Apache that is built using mod_perl. It provides on-the-fly conversion from XML to formats such as HTML, WAP, or text using either W3C standard techniques or flexible custom code. It eliminates the high overhead and steep learning curves normally associated with Application Servers such as the major J2EE ones. AxKit uses a built-in Perl interpreter for XML transformation. It is a relatively new product that recently became an official Apache project.
C
- CA certificate: A certificate containing a Certification Authority’s (CA) public key. Network entities use this public key to verify certificates signed with the CA’s private key.
- certificate: A file used for authenticating network entities under the SSL protocol. A certificate contains information about its owner (called the subject) and its issuer, plus the owner’s public key and a signature made by a Certification Authority (CA). Network entities verify these signatures using CA certificates.
- certificate signing request (CSR): An unsigned certificate for submission to a Certification Authority, which signs it with its private key. Once the CSR is signed, it becomes a certificate.
- Certification Authority (CA): A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.
- child process: A subordinate process started by a parent process.
- cipher: A system of encryption.
- ciphertext: Encrypted data.
- client certificate: A certificate authenticating a network client and signed by a Certification Authority (CA). It contains the client’s public key.
- comment out: To prefix one or more lines with a hash mark (#), marking them for omission from processing, compilation, and interpretation. When Stronghold reads a file, it skips any lines that are commented out.
- Common Gateway Interface (CGI): A standard interface between a Web server and other programs.
- Configuration: The file that configures Stronghold’s Makefile. It contains the parameters used to compile the server.
- configuration file: The ServerRoot/conf/httpd.conf file, which contains the parameters that control Stronghold’s behavior.
- container: A pair of configuration delimiters specifying an object on the server. Directives pertaining to the object go inside the container, between the opening and closing delimiters.
- cryptanalysis: The analysis of ciphers for the purpose of evaluating their security, usually by attempting to break them.
- cryptography: The study and practice of encoding data so that it can be decoded only by specific users. Systems of encoding and decoding are called ciphers.
D
- decrypt: To convert encrypted information (ciphertext) to its original, readable form (plaintext).
- directive: A configuration command that controls one or more aspects of a program’s behavior.
- Domain Naming System (DNS): A distributed system for resolving fully-qualified domain names into IP numbers.
E
- encryption: The encoding of data in order to hide its content from everyone except its intended viewer. Encryption converts readable data (plaintext) into a seemingly random sequence of characters (ciphertext).
- export-crippled: Diminished in cryptographic strength (and security) in order to comply with the United States’ Export Administration Regulations (EAR). Export-crippled cryptographic software is limited to a small key size, resulting in ciphertext that can be decrypted by brute force.
F
- FTP: The File Transfer Protocol, a client-server protocol that enables a user to transfer files to and from a server over a TCP/IP network.
- fully-qualified domain name: The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, "www" is a hostname, "redhat.com" is a domain name, and "www.redhat.com" is a fully-qualified domain name.
H
- hash: A smaller number produced by applying a deterministic function to a large input. Also known as a digest, it is used to verify that the content of a message is intact after transfer.
- host: A networked computer that provides services that other computers or terminals can access.
- hostname: A unique name that identifies a single host within a network domain.
- HTTP: The Hypertext Transport Protocol, the standard protocol of the Internet.
- httpd.conf: The Stronghold runtime configuration file, containing directives that the server reads on startup.
- HTTPS: The Hypertext Transport Protocol, Secure; the standard SSL communication mechanism of the Internet.
I
- Improved mod_frontpage: A replacement for the Apache-FP patches and module supplied with Microsoft’s FrontPage Server Extensions.
- IP number: A 32-bit, dotted-decimal address, such as 204.17.233.16, that uniquely identifies a network domain and is usually bound to a fully-qualified domain name.
K
- keepalive: A server feature that keeps a TCP connection open after an initial request in order to fulfill subsequent requests. keepalive eliminates the server overhead normally required to open and close an individual connection for each request.
- key: A file containing the value that must be fed into an algorithm in order to encrypt or decrypt a message.
- keypair: A set of two keys used in public key cryptography. One is the public key used to encrypt the data. The other is the private key necessary to decrypt data that has been encrypted with the public key.
L
- local-area network (LAN): A private group of computers and related peripheral devices that are connected and capable of sharing resources. A LAN may or may not be connected to the Internet.
M
- make: The UNIX tool that compiles the Stronghold server binary according to instructions in the Makefile.
- Makefile: A file containing instructions that tell make how to compile Stronghold, taking into account the interdependencies of modules and their modification times.
- metainformation: Information about information. Metainformation may include descriptive information about the size, format, or other characteristics of a client request, server response, or a document being transferred.
- mod_authz_ldap: The mod_authz_ldap module attempts to:
  - Map the short form of a distinguished name of a certificate and its issuer (obtained from the environment of mod_ssl) to a user-distinguished name in an LDAP directory.
  - Check the age of a password in an LDAP directory, denying authorization when the password is too old.
  - Authorize a user based on roles or on an arbitrary LDAP filter expression.
  - Authorize a user based on whether the user owns a file or belongs to the group owning a file.
- mod_dav: The module that provides HTTP Extensions for Distributed Authoring (DAV) capabilities for Apache web servers. The DAV protocol enables users to author content directly on the web server, without requiring other tools such as ftp or CVS.
- mod_perl: The module that enables you to extend the server by writing your code in Perl, as opposed to using C. For example, you can write code that will rewrite HTTP requests, restrict access to certain pages, or perform database lookups.
- mod_status_xml: mod_status_xml and the Stronghold Server Status Reporting Service are companions to Red Hat Network. mod_status_xml is an Apache module that displays current server status in XML format. The Stronghold Server Status Reporting Service regularly collects that status data and maps the trends.
O
- OpenSSL: The OpenSSL Project is a collaborative, Open Source effort to develop a robust, commercial-grade, full-featured toolkit. It implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
P
- parent process: An original, controlling process in a group of related processes. The processes it spawns are called child processes or children.
- pass phrase: The word or phrase that authenticates the user who is authorized to start Stronghold. The pass phrase prevents unauthorized users from starting, reloading, or reconfiguring the server.
- permission: An access privilege associated with a file or directory, indicating who can use it and how.
- plaintext: Readable, unencrypted data.
- PHP: An HTML-embedded scripting language originally designed for simple home page development. PHP has evolved to become an extended scripting language capable of substituting for CGI and SSI.
- platform: An operating system environment and the hardware that supports it.
- private key: The secret key in a key pair, used to decrypt incoming messages and sign outgoing ones.
- process: In a multitasking environment such as UNIX, one instance of an executing program. The original instance of a program is called the parent process, and it may start one or more child processes.
- proxy server: A server that relays requests and responses between clients and other servers.
- public key: The publicly available key in a key pair, used to encrypt messages bound for its owner and to decrypt signatures made by its owner.
- public key cryptography: The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair.
R
- Red Hat Content Accelerator: Red Hat Content Accelerator (TUX) is an ultra-high-performance web server. It uses network-layer data caching to accelerate static content delivery and CGI scripts to accelerate dynamic content generation.
- relative path: A partial path that does not begin with a slash (/). It is interpreted as relative to the current directory.
- request: A message sent from a client to a server requesting one or more server resources.
- root: The superuser of a UNIX system, a special user with unlimited access to all files, directories, and commands.
S
- Secure Sockets Layer (SSL): A protocol created by Netscape Communications Corporation for authentication and encryption over TCP/IP networks, including the Web.
- ServerRoot: A variable that represents the path to the top-level Stronghold directory. As you read this manual, substitute ServerRoot with the path used on your server.
- session: A series of two or more related transactions between a client and a server. A session ends when the client quits or the session identifier expires.
- signature: An encrypted text block that validates a certificate or other file. A Certification Authority (CA) creates a signature by generating a hash of the public key embedded in a certificate. Only the CA’s public key can decrypt the signature, verifying that the CA has authenticated the network entity that owns the certificate.
- site certificate: A certificate authenticating a network host or virtual host and signed by a Certification Authority (CA). A site certificate contains the site’s public key.
- source: One or more text files, written in a programming language, that can be compiled to form one or more binary files.
- SSLeay: An SSL library developed by Eric Young (eay@cryptsoft.com).
- status code: A numerical code that denotes the status of the response to a client request.
- SWISH: Simple Web Indexing System for Humans, Stronghold’s standalone site-indexing program, which is located in the ServerRoot/swish directory.
- symmetric cryptology: The study and application of ciphers that use a single key for both encryption and decryption operations.
T
- TCP/IP: Transmission Control Protocol/Internet Protocol, the suite of standard Internet protocols upon which HTTP, HTTPS, FTP, TELNET, and GOPHER are based.
- Tomcat: The servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies.
- Transport Layer Security (TLS): A protocol for authentication and encryption over TCP/IP networks, including the Web. TLS is the successor to SSL version 4.0 and is nearly identical. It is being standardized by the Internet Engineering Task Force.
U
- uncomment: To remove the hash mark (#) that comments out, or neutralizes, a line of text. Programs read only uncommented lines within a file.
V
- virtual host: A domain that shares a host with other domains.
X
- x509: An authentication certificate scheme recommended by the International Telegraph and Telephone Consultative Committee and used in SSL authentication.