Patrick Donker wrote:
What exactly do you mean by hosting your scripts? Are you referring to where to put them on your server, physically, in relation to your DOCUMENT_ROOT?Guys,What is the best way, security wise, to host cgi, perl or php scripts? Should I start using a jail or are there other ways to keep my server from being a worm or spam platform. Links to howtos or other threads are most welcomed.Thanks -Patrick ---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
Also, if the script is going to be useful, it's going to be accessible from the web, so it doesn't really matter where you host them on your server, as they'll all be equally visible in order to be executable.
Lastly, some of these scripting engines, such as PHP, have a "safe mode" feature that helps to prevent common exploits, but that is only effective if you are running an unsafe setup in the first place, and moreover, is oftentimes very restrictive to most scripts.
Let us know some of these details, and maybe we can help out some more. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|