Glossary
A
absolute path
A path that begins with a slash (/). It is interpreted to begin in the host's top-level directory.
access control
The restriction of access to network realms, usually by permitting access by a discrete set of hosts or users and denying it to all others.
algorithm
An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are called ciphers.
Apache
A free UNIX Web server which forms the core of the Stronghold server. See the Apache HTTPD Server Project site at http://www.apache.org.
C
CA certificate
A certificate containing a Certification Authority's (CA's) public key. Network entities use this public key to verify certificates signed with the CA's private key.
certificate
A file used for authenticating network entities under the SSL protocol. A certificate contains information about its owner (called the subject) and its issuer, plus the owner's public key and a signature made by a Certification Authority (CA). Network entities verify these signatures using CA certificates.
certificate signing request (CSR)
An unsigned certificate for submission to a Certification Authority, which signs it with its private key. Once the CSR is signed, it becomes a certificate.
Certification Authority (CA)
A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.
child process
A subordinate process started by a parent process.
cipher
A system of encryption.
ciphertext
Encrypted data.
client certificate
A certificate authenticating a network client and signed by a Certification Authority (CA). It contains the client's public key.
comment out
To prefix one or more lines with a hash mark (#), marking them for omission from processing, compilation, and interpretation. When Stronghold reads a file, it skips any lines that are commented out.
Common Gateway Interface (CGI)
A standard interface between a Web server and other programs.
Configuration
The file that configures Stronghold's Makefile. It contains the parameters used to compile the server.
configuration file
The ServerRoot/conf/httpd.conf file, which contains the parameters that control Stronghold's behavior.
CONNECT
A proxying protocol under TCP/IP. It can be used to encapsulate other protocols, such as the SSL proxy protocol.
container
A pair of configuration delimiters specifying an object on the server. Directives pertaining to the object go inside the container, between the opening and closing delimiters.
content negotiation
The negotiation of file format or language between client and server. Clients and servers can rank formats and languages in order of preference, then negotiate for the most desirable version.
cryptanalysis
The analysis of ciphers for the purpose of evaluating their security, usually by attempting to break them.
cryptography
The study and practice of encoding data so that it can only be decoded by specific users. Systems of encoding and decoding are called ciphers.
D
decryption
The conversion of encrypted information (ciphertext) to its original, readable form (plaintext).
digest
A hash of a message, which can be used to verify that the contents of the message have not been altered in transit.
directive
A configuration command that controls one or more aspects of a program's behavior.
domain
A computer, a local network, or an entire site, distinguished by a fully-qualified domain name.
Domain Naming System (DNS)
A distributed system for resolving fully-qualified domain names into IP numbers.
E
encryption
The encoding of data in order to hide its content from everyone except its intended viewer. Encryption converts readable data (plaintext) into a seemingly random sequence of characters (ciphertext).
export-crippled
Diminished in cryptographic strength (and security) in order to comply with the United States' Export Administration Regulations (EAR). Export-crippled cryptographic software is limited to a small key size, resulting in ciphertext which can be decrypted by brute force.
F
firewall
A dedicated gateway computer that holds no sensitive data. The firewall intercepts and filters incoming data packets in order to block direct access to internal computer systems.
Focus
UKWeb's Web conferencing program, included with Stronghold in the ServerRoot/focus directory.
FTP
The File Transfer Protocol, a client-server protocol that allows a user to transfer files to and from a server over a TCP/IP network.
fully-qualified domain name
The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, "www" is a hostname, "c2.net" is a domain name, and "www.c2.net" is a fully-qualified domain name.
H
handler
An aspect of the server that handles requests.
hash
A smaller number produced using a deterministic function and a larger input. Also known as a digest, it is used to verify that the content of a message is intact after transfer.
host
A networked computer that provides services that other computers or terminals can access.
hostname
A unique name that identifies a single host within a network domain.
HTTP
The Hypertext Transport Protocol, the standard protocol of the World Wide Web.
httpd.conf
The Stronghold runtime configuration file, containing directives which the server reads on startup.
HTTPS
The Hypertext Transport Protocol, Secure, the standard SSL communication mechanism of the World Wide Web.
I
IP number
A 32-bit, dotted decimal address, such as 204.17.233.16, that uniquely identifies a network domain and is usually bound to a fully-qualified domain name.
K
keepalive
A server feature which keeps a TCP connection open after an initial request in order to fulfill subsequent requests. Keepalive eliminates the server overhead normally required to open and close an individual connection for each request.
key
A file containing the value that must be fed into an algorithm in order to encrypt or decrypt a message.
key pair
A set of two keys used in public key cryptography. One is the public key used to encrypt data. The other is the private key necessary to decrypt data that has been encrypted with the public key.
L
license key
A string of colon-separated, hexadecimal values that Stronghold Web Server reads on startup to verify that the server software is licensed for the host on which it runs.
local-area network (LAN)
A private group of computers and related peripheral devices that are connected and capable of sharing resources. A LAN may or may not be connected to the Internet.
M
make
The UNIX tool that compiles the Stronghold server binary based on instructions in the Makefile.
Makefile
A file containing the instructions that tell make how to compile Stronghold, taking into account the interdependencies of modules and their modification times.
metainformation
Information about information. Metainformation may include descriptive information about the size, format, or other characteristics of a client request, server response, or a document being transferred.
Multipurpose Internet Mail Extensions (MIME)
A standard for providing metainformation about documents on the Internet, including non-textual data.
P
parent process
An original, controlling process in a group of related processes. The processes it spawns are called child processes or children.
pass phrase
The word or phrase that authenticates the user who is authorized to start Stronghold. The pass phrase prevents unauthorized users from starting, restarting, or reconfiguring the server.
permission
An access privilege associated with a file or directory, indicating who can use it and how.
plaintext
Readable, unencrypted data.
PHP
Personal Home Page, an HTML-embedded scripting language originally designed for simple home page development. PHP has evolved to become an extended scripting language capable of substituting for CGI and SSI.
platform
An operating system environment and the hardware that supports it.
private key
The secret key in a key pair, used to decrypt incoming messages and sign outgoing ones.
process
In a multitasking environment such as UNIX, one instance of an executing program. The original instance of a program is called the parent process, and it may start one or more child processes.
proxy server
A server that relays requests and responses between clients and other servers.
public key
The publicly available key in a key pair, used to encrypt messages bound for its owner and to decrypt signatures made by its owner.
public key cryptography
The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair.
R
relative path
A partial path that does not begin with a slash (/). It is interpreted as relative to the current directory.
request
A message sent from a client to a server requesting one or more server resources.
response
A message sent from a server to a client in relation to a request. A response may contain the requested resources, or it may contain additional information pertaining to the request.
root
The superuser of a UNIX system, a special user with unlimited access to all files, directories, and commands.
S
Secure Sockets Layer (SSL)
A protocol created by Netscape Communications Corporation for authentication and encryption over TCP/IP networks, including the Web.
ServerRoot
The path to the top-level Stronghold directory. In this manual, ServerRoot is always a variable; substitute your actual path.
server-side includes (SSIs)
HTML-embedded commands executed by the server before sending the HTML file to the client.
signature
An encrypted text block that validates a certificate or other file. A Certification Authority (CA) creates a signature by generating a hash of the public key embedded in a certificate, then encrypting the hash with its own private key. Only the CA's public key can decrypt the signature, verifying that the CA has authenticated the network entity that owns the certificate.
site certificate
A certificate authenticating a network host or virtual host and signed by a Certification Authority (CA). A site certificate contains the site's public key.
source
One or more text files, written in a programming language, which can be compiled to form one or more binary files.
SSLeay
An SSL library developed by Eric Young (eay@mincom.oz.au).
SSLTOP
The path to your SSL directory, a subdirectory of ServerRoot. In this manual, SSLTOP is always a variable; substitute your actual path.
status code
A numerical code denoting the status of a client request or a server response.
SWISH
Simple Web Indexing System for Humans, Stronghold's standalone site-indexing program, located in the ServerRoot/swish directory.
symmetric cryptography
The study and application of ciphers that use a single key for both encryption and decryption operations.
T
TCP/IP
Transmission Control Protocol/Internet Protocol, the suite of standard Internet protocols upon which HTTP, HTTPS, FTP, TELNET, and GOPHER are based.
U
uncomment
To remove the hash marks (#) that neutralize one or more lines of text. Programs read a line within a file only if it is uncommented.
V
virtual host
A domain that shares an IP number with its official domain, and possibly with other virtual hosts. It is a hostname bound to the IP number but subservient to the main host.
W
WWWWAIS
Stronghold's stand-alone search gateway, which searches site index files created by SWISH.
X
X.509
An authentication certificate scheme recommended by the International Telegraph and Telephone Consultative Committee and used in SSL authentication.