Delivered-To: darwin-dev@lists.apple.com

See MHO answered point by point below:

Or you could let Apache still run.

William C. McCain wrote:

> 1. Apple lets users run Apache on their Macs, though few non-geek end-users do so. So why not my app, too?

At risk of misunderstanding your point and going into facts you probably already know, it's a _system wide_ app running as root (initially, before dropping to the apache user), and the only process which may bind to port 80 while it is running. The per-user stuff you see is part of the apache configuration, and not the result of any daemon listening on port 80 running directly because of that user.

Are you requiring users not run any other web server if they run your server?

> 2. My app has been available for some time on the dominant monopolist's OS, and it runs fine there without any privileges (even on XP SP2).

Yeah. Winsuck lets non-privileged users do a lot of horrible things. Because Microsoft lets you do it doesn't mean it's a good idea. You should see the resulting ms-specific twists on SO_REUSEADDR and related bizarre behaviors which have been needed to hack around this in a way that still lets most applications work while reducing the risk of allowing this. But all that's for another list.

On multi-user systems, privileged ports are privileged for a reason, unless you are Windows where any joe user who can log in can subvert the web server, or any other server, for their own purposes. Windows is not, nor ever will be, a system where unprivileged interactive access may be allowed without significant compromise to security. While this is more or less true for any system, it is especially true for Windows.

> 3. If I change the port number, I'll have to make it configurable, which is a real PITA (not that I'm lazy, mind you).
> Of course, if one of my users ever DOES want to run both Apache and my app on the same machine, at least ONE of us will have to be re-configured ...

Why not use Rendezvous? Pick a port automatically and advertise it. If your app also runs on Windows, you may want to look into Howl which gives you the same interface on both Windows and Mac-OS.

The best way to listen on a free port is to bind to port 0 and then use getsockname after the socket is bound to find out which port the kernel atomically found free and bound the socket to listen on. This doesn't work on all platforms (it isn't part of the original BSD sockets behavior), but it does work at least on Linux, Mac-OS and even Windows.

For users that don't want to use Rendezvous or would like to set up firewall rules, make the listening port an application preference. It may be a pain to do, but so is writing software.

> 4. It's actually rather convenient for my built-in Web server to be "standard", as it has other uses besides the master/remote interface. For instance, users (and I) can check my product's "log files" from their Web browsers on the remote machines. (Yes, I know you can specify a non-standard port in a URL, but I said this was a "convenience" issue.)

If you use Rendezvous, Safari will list your service automatically in the bookmarks menu.

You need to find a much better reason to bind to port 80 than to save users' typing. Are you really the only web server on the machine? Unless you have convinced IANA that you deserve to be a known port, you will need to do a combination of automatically finding your own dynamic port to bind to and letting the user set it.