Glossary


A

absolute path

A path that begins with a slash (/). It is interpreted to begin in the host's top-level directory.

access path

The restriction of access to network realms, usually by permitting access by a discrete set of hosts or users and denying it to all others.

algorithm

An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are called ciphers.

Apache

A free UNIX Web server which forms the core of the Stronghold server. See the Apache HTTPD Server Project site at http://www.apache.org.

authentication

The positive identification of a network entity as a server, a client or a user.

 

C

CA certificate

A certificate containing a Certification Authority's (CA) public key. Network entities use this public key to verify certificates signed with the CA's private key.

certificate

A file used for authenticating network entities under the SSL protocol. A certificate contains information about its owner (called the subject) and its issuer, plus the owner's public key and a signature made by a Certification Authority (CA). Network entities verify these signatures using CA certificates.

certificate signing request (CSR)

An unsigned certificate for submission to a Certification Authority, which signs it with its private key. Once the CSR is signed, it becomes a certificate.

Certification Authority (CA)

A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.

child process

A subordinate process started by a parent process.

cipher

A system of encryption.

ciphertext

Encrypted data.

client certificate

A certificate authenticating a network client and signed by a Certification Authority (CA). It contains the client's public key.

comment out

To prefix one or more lines with a hash mark (#), marking them for omission from processing, compilation, and interpretation. When Stronghold reads a file, it skips any lines that are commented out.

Common Gateway Interface (CGI)

A standard interface between a Web server and other programs.

Configuration

The file that configures Stronghold's Makefile. It contains the parameters used to compile the server.

configuration file

The <ServerRoot>/conf/httpd.conf file, which contains the parameters that control Stronghold's behaviour.

CONNECT

A proxying protocol under TCP/IP. It can be used to encapsulate other protocols, such as the SSL proxy protocol.

container

A pair of configuration delimiters specifying an object on the server. Directives pertaining to the object go inside the container, between the opening and closing delimiters.

content negotiation

The negotiation of file format or language between client and server. Clients and servers can rank formats and languages in order of preference, then negotiate for the most desirable version.

cryptanalysis

The analysis of ciphers for the purpose of evaluating their security, usually by attempting to break them.

cryptography

The study and practice of encoding data so that it can only be decoded by specific users. Systems of encoding and decoding are called ciphers.

D

decryption

The conversion of encrypted information (ciphertext) to its original, readable form (plaintext).

denial-of-service attack

A network attack created by flooding a host with data. When a server's resources are occupied by such an attack, legitimate requests may be denied. If the rate and volume of data reach a certain level, the server program may crash.

digest

A hash of a message, which can be used to verify that the contents of the message have not been altered in transit.

directive

A configuration command that controls one or more aspects of a program's behaviour.

Domain Naming System (DNS)

A distributed system for resolving fully-qualified domain names into IP numbers.

 


E

encryption

The encoding of data in order to hide its content from everyone except its intended viewer. Encryption converts readable data (plaintext) into a seemingly random sequence of characters (ciphertext).

export-crippled

Diminished in cryptographic strength (and security) in order to comply with the United States' Export Administration Regulations (EAR). Export-crippled cryptographic software is limited to a small key size, resulting in ciphertext which can be decrypted by brute force.

 

F

firewall

A dedicated gateway computer that holds no sensitive data. The firewall intercepts and filters incoming data packets in order to block direct access to internal computer systems.

FTP

The File Transfer Protocol, a client-server protocol that allows a user to transfer files to and from a server over a TCP/IP network.

fully-qualified domain name

The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, "www" is a hostname, "c2.net" is a domain name, and "www.c2.net" is a fully-qualified domain name.

 


H

handler

An aspect of the server that handles requests.

hash

A smaller number produced by applying a deterministic function to a larger input. Also known as a digest, it is used to verify that the content of a message is intact after transfer.

host

A networked computer that provides services that other computers or terminals can access.

hostname

A unique name that identifies a single host within a network domain.

HTTP

The Hypertext Transport Protocol, the standard protocol of the World Wide Web.

httpd.conf

The Stronghold runtime configuration file, containing directives which the server reads on startup.

HTTPS

The Hypertext Transport Protocol, Secure, the standard SSL communication mechanism of the World Wide Web.


I

IP number

A 32-bit, dotted decimal address, such as 204.17.233.16, that uniquely identifies a network domain and is usually bound to a fully-qualified domain name.

 

K

keepalive

A server feature which keeps a TCP connection open after an initial request in order to fulfill subsequent requests. Keepalive eliminates the server overhead normally required to open and close an individual connection for each request.

key

A file containing the value that must be fed into an algorithm in order to encrypt or decrypt a message.

key pair

A set of two keys used in public key cryptography. One is the public key, used to encrypt data; the other is the private key, necessary to decrypt data that has been encrypted with the public key.


L

license key

A string of colon-separated, hexadecimal values that Stronghold Web Server reads on startup to verify that the server software is licensed for the host on which it runs.

local-area network (LAN)

A private group of computers and related peripheral devices that are connected and capable of sharing resources. A LAN may or may not be connected to the Internet.

 

M

make

The UNIX tool that compiles the Stronghold server binary based on instructions in the Makefile.

Makefile

A file containing instructions that tell make how to compile Stronghold, taking into account the interdependencies of modules and their modification times.

metainformation

Information about information. Metainformation may include descriptive information about the size, format, or other characteristics of a client request, server response, or a document being transferred.

MIME

(Multipurpose Internet Mail Extensions). A standard for providing metainformation about documents on the Internet, including non-textual data.

P

parent process

An original, controlling process in a group of related processes. The processes it spawns are called child processes or children.

pass phrase

The word or phrase that authenticates the user who is authorized to start Stronghold. The pass phrase prevents unauthorized users from starting, restarting, or reconfiguring the server.

permission

An access privilege associated with a file or directory, indicating who can use it and how.

plaintext

Readable, unencrypted data.

PHP

Personal Home Page, an HTML-embedded scripting language originally designed for simple home page development. PHP has evolved into an extended scripting language capable of substituting for CGI and SSI.

platform

An operating system environment and the hardware that supports it.

private key

The secret key in a key pair, used to decrypt incoming messages and sign outgoing ones.

process

In a multitasking environment such as UNIX, one instance of an executing program. The original instance of a program is called the parent process, and it may start one or more child processes.

proxy server

A server that relays requests and responses between clients and other servers.

public key

The publicly available key in a key pair, used to encrypt messages bound for its owner and to decrypt signatures made by its owner.

public key cryptography

The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair.

 

R

relative path

A partial path that does not begin with a slash (/). It is interpreted as relative to the current directory.

request

A message sent from a client to a server requesting one or more server resources.

response

A message sent from a server to a client in relation to a request. A response may contain the requested resources, or it may contain additional information pertaining to the request.

root

The superuser of a UNIX system, a special user with unlimited access to all files, directories and commands.

 

S

Secure Sockets Layer (SSL)

A protocol created by Netscape Communications Corporation for authentication and encryption over TCP/IP networks, including the Web.

ServerRoot

The path to the top-level Stronghold directory. In this manual <ServerRoot> is always a variable; substitute the actual path.

server-side includes (SSIs)

HTML-embedded commands executed by the server before sending the HTML file to the client.

session

A series of two or more related transactions between a client and a server. A session ends when the client quits or the session identifier expires.

signature

An encrypted text block that validates a certificate or other file. A Certification Authority (CA) creates a signature by generating a hash of the public key embedded in a certificate. Only the CA's public key can decrypt the signature, verifying that the CA has authenticated the network entity that owns the certificate.

site certificate

A certificate authenticating a network host or virtual host and signed by a Certification Authority (CA). A site certificate contains the site's public key.

source

One or more text files, written in a programming language, which can be compiled to form one or more binary files.

SSLeay

An SSL library developed by Eric Young (eay@cryptsoft.com).

status code

A numerical code in a server response denoting the status of the client's request.

SWISH

Simple Web Indexing System for Humans, Stronghold's standalone site-indexing program, located in the <ServerRoot>/SWISH directory.

symmetric cryptography

The study and application of ciphers that use a single key for both encryption and decryption operations.

 

T

TCP/IP

Transmission Control Protocol/Internet Protocol, the suite of standard Internet protocols upon which HTTP, HTTPS, FTP, TELNET, and GOPHER are based.

Transport Layer Security (TLS)

A protocol for authentication and encryption over TCP/IP networks, including the Web. TLS is the successor to SSL version 3.0 and is nearly identical. It is being standardized by the Internet Engineering Task Force.


U

uncomment

To remove the hash marks (#) that comment out, or neutralize, one or more lines of text. Programs read a line within a file only if it is uncommented.

 

V

virtual host

A domain that shares a host with other domains.

 

W

WWWWAIS

Stronghold's stand-alone search gateway, which searches site index files created by SWISH.

 

X

X.509

An authentication certificate scheme recommended by the International Telegraph and Telephone Consultative Committee and used in SSL authentication.