httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Quellhorst" <>
Subject Question about Apache Security on virtual hosting
Date Fri, 15 Dec 2000 03:35:33 GMT

I have noticed on most all shared virtual hosting companies that run apache,
any user with an account can go in and read the source code to the other
people's scripts.

This means that database user name and passwords can be read. Even on
e-commerce hosting companies this is largely the case. I know that you can
set a user directive inside of virtual hosts but that only works with cgi

Is there a way in apache 1.3, other than making separate running copies of
apache for each user, to have all requests CGI and Non-CGI to be done by a
different user for every virtual host.

I also do Host: based virtual hosting, so separate instances are really not
possible. If I compile php as a cgi, I then also have the issue of ssi
scripts doing includes inside of other people's directories.

Will Apache 2.0 solve this? I currently have the latest cvs dump of apache
2.0 running on my machine for testing. If there is a way to solve this issue
with 2.0 I would love to know how.

I would really value any input that you have.


View raw message