Apache Virtual Hosts Chroot ?

To: <debian-isp@lists.debian.org>, <debian-security@lists.debian.org>
Subject: Apache Virtual Hosts Chroot ?
From: "debian-isp" <debian-isp@lists.netways.de>
Date: Tue, 25 Feb 2003 10:15:15 +0100
Message-id: <[🔎] 3626546DC152134382A0A029C29365C6013931@net-mail.int.netways.de>

Hi all ! 

I am just asking myself how to secure our webserver with a couple of virtual hosts. 
Currently we have a large installation of typo3 running. It has a feature called fileadmin with which you can easily upload files. As it is thereby possible to upload php scripts and execute via the browser it is to my opionion possible to access other users files. As the webserver and the files all have the same user, needed by the system. 
Is there a way to secure this: 

- chrooting virtual hosts in apache ? 
- running multiple instances of apache 
- some kind of security system with users and groups 
- using directory settings ? 

Any ideas

__________________________________________________________
Nik Engel                     NETWAYS GmbH
Senior Systems Engineer       Deutschherrnstr. 47a
Fon.0911/92885-13             D-90429 Nürnberg
Fax.0911/92885-33            
nengel@netways.de             www.netways.de

Reply to:

Follow-Ups:
- Re: [d-security] Apache Virtual Hosts Chroot ?
  - From: Christian Hammers <ch@debian.org>
- Re: Apache Virtual Hosts Chroot ?
  - From: Martynas Domarkas <md@hansa.lt>
- Re: Apache Virtual Hosts Chroot ?
  - From: Victor Calzado Mayo <vcalzado@cnio.es>

Prev by Date: Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Next by Date: Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Previous by thread: Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Next by thread: Re: [d-security] Apache Virtual Hosts Chroot ?
Index(es):
- Date
- Thread