httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abu Hurayrah <abu_huray...@almaghrib.org>
Subject Re: [users@httpd] Best way to host scripts
Date Sun, 29 May 2005 22:18:29 GMT
Patrick Donker wrote:

> Guys,
>
> What is the best way, security wise, to host cgi, perl or php scripts? 
> Should I start using a jail or are there other ways to keep my server 
> from being a worm or spam platform. Links to howtos or other threads 
> are most welcomed.
> Thanks
> -Patrick
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
What exactly do you mean by hosting your scripts?  Are you referring to 
where to put them on your server, physically, in relation to your 
DOCUMENT_ROOT?

Also, if the script is going to be useful, it's going to be accessible 
from the web, so it doesn't really matter where you host them on your 
server, as they'll all be equally visible in order to be executable.

Lastly, some of these scripting engines, such as PHP, have a "safe mode" 
feature that helps to prevent common exploits, but that is only 
effective if you are running an unsafe setup in the first place, and 
moreover, is oftentimes very restrictive to most scripts.

Let us know some of these details, and maybe we can help out some more.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message