httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dragon <dra...@crimson-dragon.com>
Subject Re: [users@httpd] Apache 2.2 security concern
Date Sat, 12 May 2007 17:04:26 GMT
Jaqui Greenlees did speak thusly:

>Yes, as Nick mentioned, suexec and user/group
>permissions are the common method for securing the
>site(s) from this.
>another option, slightly more hardware intensive is
>the have each hosted site running as a separate
>instance of apache chrooted so they do not have any
>access to the rst of the servers file system.
---------------- End original message. ---------------------

That approach is absolutely unnecessary and overly complicated.

As I said in my previous reply to this thread, PHP provides such a 
mechanism that is very easy to use.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message