AW: Apache Virtual Hosts Chroot ?

To: <debian-isp@lists.debian.org>
Subject: AW: Apache Virtual Hosts Chroot ?
From: "debian-isp" <debian-isp@lists.netways.de>
Date: Tue, 25 Feb 2003 10:53:37 +0100
Message-id: <3626546DC152134382A0A029C29365C60769A8@net-mail.int.netways.de>

>
>How about running PHP in safe mode?  In safe mode (as far as I
>understand) user scripts can only access files with the same uid.

Hm but they do have the same uid as they are uploaded via http and under the webserver user ... 

>
>On Tue, 2003-02-25 at 20:15, debian-isp wrote:
>> Hi all !
>> 
>> I am just asking myself how to secure our webserver with a couple of 
>> virtual hosts.
>> Currently we have a large installation of typo3 running. It 
>has a feature called fileadmin with which you can easily 
>upload files. As it is thereby possible to upload php scripts 
>and execute via the browser it is to my opionion possible to 
>access other users files. As the webserver and the files all 
>have the same user, needed by the system. 
>> Is there a way to secure this: 
>> 
>> - chrooting virtual hosts in apache ?
>> - running multiple instances of apache 
>> - some kind of security system with users and groups 
>> - using directory settings ? 
>> 
>> Any ideas
>> 
>> __________________________________________________________
>> Nik Engel                     NETWAYS GmbH
>> Senior Systems Engineer       Deutschherrnstr. 47a
>> Fon.0911/92885-13             D-90429 Nürnberg
>> Fax.0911/92885-33            
>> nengel@netways.de             www.netways.de
>> 
>
>

Reply to:

Prev by Date: Re: [d-security] Apache Virtual Hosts Chroot ?
Next by Date: Which is the best form ??
Previous by thread: Re: Apache Virtual Hosts Chroot ?
Next by thread: Which is the best form ??
Index(es):
- Date
- Thread