httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gare" <g...@wanadoo.es>
Subject [users@httpd] Security APACHE, PHP and CGI
Date Sat, 09 Apr 2005 16:04:46 GMT
We have a site with several subdomains hosted, but the webmasters of these 
subdomains are not allowed to use their own CGI nor PHP.
The box runs under Fedora with Apache 1.3, and webmasters of subdomains are 
not users of the OS, they share the account of a user (the owner of the main 
domain where subdomains are hosted).
I would like to offer php and cgi support, but I am worried about security. 
I know that PHP can be configured in secure mofe and that we can control 
access to directories.
But CGI is too powerful, and a CGI program can access a lot of files in the 
server.
suExec is not a solution, because webmasters could access files in other 
subdomains (they share the same account).

Is there any solution to host subdomains with php and cgi without compromise 
server and subdomains security?

thanks







---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message