AW: Apache Virtual Hosts Chroot ?
>How about running PHP in safe mode? In safe mode (as far as I
>understand) user scripts can only access files with the same uid.
Hm but they do have the same uid as they are uploaded via http and under the webserver user ...
>On Tue, 2003-02-25 at 20:15, debian-isp wrote:
>> Hi all !
>> I am just asking myself how to secure our webserver with a couple of
>> virtual hosts.
>> Currently we have a large installation of typo3 running. It
>has a feature called fileadmin with which you can easily
>upload files. As it is thereby possible to upload php scripts
>and execute via the browser it is to my opionion possible to
>access other users files. As the webserver and the files all
>have the same user, needed by the system.
>> Is there a way to secure this:
>> - chrooting virtual hosts in apache ?
>> - running multiple instances of apache
>> - some kind of security system with users and groups
>> - using directory settings ?
>> Any ideas
>> Nik Engel NETWAYS GmbH
>> Senior Systems Engineer Deutschherrnstr. 47a
>> Fon.0911/92885-13 D-90429 Nürnberg
>> email@example.com www.netways.de