#1  
Old 4th May 2006, 22:42
yayien yayien is offline
ISPConfig Developer
 
Join Date: Oct 2005
Location: Paris
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to yayien Send a message via Yahoo to yayien
Default Security trap ?!?

Hi everyone,
There is, I think, a big security problem: scripts are running under apache user. Due to that fact if someone decided to write a script in php, for example, so as to do uploads, the files will not be his but apche user ones. Is there any thing so as to prevent it? I think about suPhp which seems to be a good solution...

Cordialy,

Yayien
Reply With Quote
Sponsored Links
  #2  
Old 5th May 2006, 07:06
oliver.blaha oliver.blaha is offline
Member
 
Join Date: Apr 2006
Posts: 37
Thanks: 0
Thanked 1 Time in 1 Post
Default

Please use forum search. There are already some threads concerning suPHP.
I haven't tried it yet, but it should not be hard to use suPHP if you correctly configure your server. This should not need any changes in ISPConfig.
Reply With Quote
  #3  
Old 5th May 2006, 08:49
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 34,647
Thanks: 794
Thanked 5,003 Times in 3,912 Posts
 
Default

As Oliver already stated. This is not an ISPConfig issue, it is a question how you configure your server. You can use either suPHP or SuEXEC + CGI-PHP to run PHP scripts under the web user.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig Security - Firewall cybereatl Installation/Configuration 5 2nd April 2006 17:02
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 11:47
applying security on server to restrict unauthorized attempts pali_253 Server Operation 3 16th February 2006 12:57
security certificate kuyaedz Installation/Configuration 1 23rd December 2005 09:31
ProFTPD potential security hole domino Server Operation 3 19th August 2005 03:25


All times are GMT +2. The time now is 05:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.