On Mon, 2013-05-06 at 14:59 -0600, Bob Proulx wrote:
> > 1) We should try to educate users not to use mod_php.
> If "Best Practices" such as this were documented such as on the Debian
> wiki then it would go a long way to making this easy for users to do.
> They could then simply follow recipes to good practices.

Well but right now many packages rather assume that one uses mod_php...

I run several PHP programs on our faculty (e.g. icinga-classic, icinga-web, pnp)... all of them with CGI, each of them running with its own user and thereby also doing the DB authentication...

Setting this up was really time consuming as it required lots of trying, especially when also "hardening" php.ini per each of these programs (and therefore most end users simply won't do it)... in an ideal world... such things would be better supported.

This is definitely _not_ to blame any of the respective maintainers... I just think that it's better to harden and separate as much as possible :)

Cheers,
Chris.