[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

AW: Apache Virtual Hosts Chroot ?

>How about running PHP in safe mode?  In safe mode (as far as I
>understand) user scripts can only access files with the same uid.

Hm but they do have the same uid as they are uploaded via http and under the webserver user ... 

>On Tue, 2003-02-25 at 20:15, debian-isp wrote:
>> Hi all !
>> I am just asking myself how to secure our webserver with a couple of 
>> virtual hosts.
>> Currently we have a large installation of typo3 running. It 
>has a feature called fileadmin with which you can easily 
>upload files. As it is thereby possible to upload php scripts 
>and execute via the browser it is to my opionion possible to 
>access other users files. As the webserver and the files all 
>have the same user, needed by the system. 
>> Is there a way to secure this: 
>> - chrooting virtual hosts in apache ?
>> - running multiple instances of apache 
>> - some kind of security system with users and groups 
>> - using directory settings ? 
>> Any ideas
>> __________________________________________________________
>> Nik Engel                     NETWAYS GmbH
>> Senior Systems Engineer       Deutschherrnstr. 47a
>> Fon.0911/92885-13             D-90429 Nürnberg
>> Fax.0911/92885-33            
>> nengel@netways.de             www.netways.de

Reply to: