httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dragon <dra...@crimson-dragon.com>
Subject Re: [users@httpd] Apache 2.2 security concern
Date Sat, 12 May 2007 17:02:33 GMT
Sam Lavitt did speak thusly:

>Based on my research, suexec only works for SSI and CGI, so it would 
>be pointless for providing security with php, and doing 
>mass-hosting, php is something in pretty common use.  And I am 
>sorry, I mis-spoke, the mpm was mpm_perchild for apache 2.0, which 
>apparently is abandoned and broken. (see 
>http://httpd.apache.org/docs/2.0/mod/perchild.html )  I lack the 
>programing skills that would be needed to repair it unfortunately.
>
>So is there anything that is functional, maintained, and would allow 
>me to provide the security that would be needed, ideally apache 2.2, 
>if not, at least 2.0?  Or any other webserver which can provide the 
>security needed?
---------------- End original message. ---------------------

PHP provides for this directly.

There is a restrict_base_dir setting that can be applied to each 
virtual host that prevents users from accessing anything outside of 
the specified directory tree.

Go to http://www.php.net/ and check the docs for more info.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message