httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary W. Smith" <g...@primeexalia.com>
Subject RE: [users@httpd] Hacked the website replace the index.hm page
Date Mon, 09 May 2005 03:48:43 GMT
That's the key right there.  You probably need to think of multiple
approaches to securing the files (suexec, cgiwrappers, php level tweaks,
etc).  

This is the one place where *nix and apache fall a hair short.  What
would be nice would be the ability to assign user level settings to each
virtual host.  That way you can run it under the user and they can only
modify their own file.  So if they don't upgrade things like phpbb it
affects them only and not the entire client base of that server.

I know there is an alpha stage project out there for 2.0.x that does
just this but I would have been nice to have this as part of the design
implementation.

Gary


> 
> I would not tend to think very much of open_basedir by itself, but the
> other options you mention sound like they are worthwhile. Thanks for
the
> info, I was curious and you filled in some blanks.
> 
> Eric

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message