On 9/27/05, Farmer J <hackersreallysuck@xxxxxxxxx> wrote: > I guess I need to read up on securing apache. How do you secure a > machine that runs cgi scripts when the users are able to upload their > own scripts? It would be impossible to review every script on the > machine to see if it is secure. There must be a better way. If you allow untrused people to run arbitrary programs on your server, then there is really no way to secure it. But there are some things that can help to isolate problems when they occur. For example, you should look into suexec and selinux. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|