httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rbo...@apache.org
Subject cvs commit: httpd-docs-1.3/htdocs/manual/misc security_tips.html
Date Thu, 07 Nov 2002 02:44:08 GMT
rbowen      2002/11/06 18:44:08

  Modified:    htdocs/manual/misc security_tips.html
  Log:
  As per discussion on users@httpd.apache.org and a little on IRC, a bit
  of clarification about "third party" modules and the permissions with
  which they access files.
  
  Revision  Changes    Path
  1.30      +14 -0     httpd-docs-1.3/htdocs/manual/misc/security_tips.html
  
  Index: security_tips.html
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -r1.29 -r1.30
  --- security_tips.html	19 Jan 2002 17:45:12 -0000	1.29
  +++ security_tips.html	7 Nov 2002 02:44:08 -0000	1.30
  @@ -27,6 +27,8 @@
   
         <li><a href="#cgi">CGI in General</a></li>
   
  +      <li><a href="#dynamic">Other sources of dynamic content</a></li>
  +
         <li><a href="#systemsettings">Protecting System
         Settings</a></li>
   
  @@ -188,6 +190,18 @@
       code. Another popular way of doing this is with <a
       href="http://wwwcgi.umr.edu/~cgiwrap/">CGIWrap</a>.</p>
       <hr />
  +
  +    <h2><a id="dynamic" name="dynamic">Other sources of dynamic
  +    content</a></h2>
  +
  +<p>Embedded scripting options which run as part of the server itself, such
  +as mod_php, mod_perl, mod_tcl, and mod_python, run under the identify of
  +the server itself, (see the <a href="../mod/core.html#user">User</a>
  +directive) and therefore scripts executed by these engines
  +potentially can access anything the server user can.  some scripting
  +engines may provide restrictions, but it is better to be safe and assume
  +not.</p>
  +<hr />
   
       <h2><a id="systemsettings" name="systemsettings">Protecting
       System Settings</a></h2>
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message