I suppose that there are only two ways: host without cgi or install a VPS

Thanks

----- Original Message -----
From: "Joshua Slive" <jslive@xxxxxxxxx>
To: <users@xxxxxxxxxxxxxxxx>
Sent: Saturday, April 09, 2005 9:27 PM
Subject: Re: [users@httpd] Security APACHE, PHP and CGI

On Apr 9, 2005 2:44 PM, Gare <gare@xxxxxxxxxx> wrote:
> That's why I'm looking for a solution, an easy and affordable solution.
> Of course my subdomains with a shared user can't use php nor cgi. Then if a
> cgi program can access all over the server (files like /etc/passwd ), how
> do enterprises that provide shared hosting with cgi/php/mysql support?

They don't share userids.

> Even if I create a system user for every subdomain webserver, CGI could
> access important files in the server (/etc/shadow or /etc/passwd ... ), or
> perhaps could mod_security avoid this action?

No, they will only have access to the files that you allow them to access. /etc/shadow certainly wouldn't be one of those.

Another idea is to look at cgiwrap, which has a somewhat more flexible attitude towards permission changing.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
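The "don't share userids" point from the thread, worked through as a Unix permission check. This is an added example, not part of the original messages: it models which files a CGI process can read when it runs as a shared web user versus a per-site user. All uids, gids, paths and modes in the inventory are constructed assumptions.

```python
import posixpath
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    uid: int
    gid: int
    mode: int            # permission bits only, e.g. 0o640
    is_dir: bool = False

def _allowed(e, uid, gids, ubit, gbit, obit):
    # The kernel picks exactly one class: owner, else group, else other.
    if uid == 0:
        return True      # root bypasses read/search checks
    if e.uid == uid:
        return bool(e.mode & ubit)
    if e.gid in gids:
        return bool(e.mode & gbit)
    return bool(e.mode & obit)

def can_read(inv, path, uid, gids):
    """r on the file plus search (x) on every ancestor directory listed in inv."""
    parent = posixpath.dirname(path)
    while parent != "/":
        d = inv.get(parent)
        if d is not None and not _allowed(d, uid, gids, stat.S_IXUSR,
                                          stat.S_IXGRP, stat.S_IXOTH):
            return False
        parent = posixpath.dirname(parent)
    return _allowed(inv[path], uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)

def readable(inv, uid, gids):
    """Sorted list of non-directory paths in inv that uid/gids can read."""
    return sorted(p for p, e in inv.items()
                  if not e.is_dir and can_read(inv, p, uid, gids))

# Constructed inventory (assumed ids: 33 = shared web user, 1001/1002 = per-site users).
INV = {
    "/etc/passwd": Entry(0, 0, 0o644),
    "/etc/shadow": Entry(0, 42, 0o640),
    "/var/www/shared/site2.conf.php": Entry(33, 33, 0o640),  # shared-userid layout
    "/home/site1": Entry(1001, 1001, 0o750, is_dir=True),
    "/home/site1/db.conf.php": Entry(1001, 1001, 0o640),
    "/home/site2": Entry(1002, 1002, 0o750, is_dir=True),
    "/home/site2/db.conf.php": Entry(1002, 1002, 0o640),
}

if __name__ == "__main__":
    print("shared uid 33  :", readable(INV, 33, {33}))
    print("site1 uid 1001 :", readable(INV, 1001, {1001}))
```

In this model /etc/shadow is unreadable to both users, and /etc/passwd is readable to both because its mode grants read to everyone. The only cross-site exposure is the file owned by the shared web user.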