Keeping the webserver safe

To: debian-security@lists.debian.org
Subject: Keeping the webserver safe
From: Rico Secada <coolzone@it.dk>
Date: Sun, 5 Oct 2008 20:27:08 +0200
Message-id: <[🔎] 20081005202708.58cac505.coolzone@it.dk>

Hi.

I have a webserver running with a couple of users as virtual hosts in
Apache. 

I read this article from IBM
http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html
(look for "Guard your filesystem") and testet the PHP script on an Etch
installation, and the script serves files such as /etc/passwd and
others.

What is the best and correct way to protect the server from users who
might upload such a script on their web directory?

I don't want to run Apache in a chroot.

Best regards.

Rico

Reply to:

Follow-Ups:
- Re: Keeping the webserver safe
  - From: "Dusty Wilson" <dusty@hey.nu>
- Re: Keeping the webserver safe
  - From: Nikolai Lusan <nikolai@lusan.id.au>
- Re: Keeping the webserver safe
  - From: Joe <joe@jretrading.com>
- Re: Keeping the webserver safe
  - From: Kovács Zoltán <z_kovacs@elender.hu>
- Re: Keeping the webserver safe
  - From: "KwangErn Liew" <ke.liew@gmail.com>
- Re: Keeping the webserver safe
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>

Prev by Date: Florian Koch ist außer Haus.
Next by Date: Re: Keeping the webserver safe
Previous by thread: Florian Koch ist außer Haus.
Next by thread: Re: Keeping the webserver safe
Index(es):
- Date
- Thread