#1  
Old 4th May 2006, 23:42
yayien yayien is offline
ISPConfig Developer
  
Join Date: Oct 2005
Location: Paris
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to yayien Send a message via Yahoo to yayien
Default Security trap ?!?
Hi everyone,
There is, I think, a big security problem: scripts are running under apache user. Due to that fact if someone decided to write a script in php, for example, so as to do uploads, the files will not be his but apche user ones. Is there any thing so as to prevent it? I think about suPhp which seems to be a good solution...

Cordialy,

Yayien
Reply With Quote
  #2  
Old 5th May 2006, 08:06
oliver.blaha oliver.blaha is offline
Member
  
Join Date: Apr 2006
Posts: 37
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via ICQ to oliver.blaha Send a message via Skype™ to oliver.blaha
Default
Please use forum search. There are already some threads concerning suPHP.
I haven't tried it yet, but it should not be hard to use suPHP if you correctly configure your server. This should not need any changes in ISPConfig.
Reply With Quote
  #3  
Old 5th May 2006, 09:49
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 19,805
Thanks: 285
Thanked 1,805 Times in 1,357 Posts
Default
As Oliver already stated. This is not an ISPConfig issue, it is a question how you configure your server. You can use either suPHP or SuEXEC + CGI-PHP to run PHP scripts under the web user.
__________________
Till Brehm
--
http://www.projektfarm.com/en/
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig Security - Firewall cybereatl Installation/Configuration 5 2nd April 2006 18:02
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 12:47
applying security on server to restrict unauthorized attempts pali_253 Server Operation 3 16th February 2006 13:57
security certificate kuyaedz Installation/Configuration 1 23rd December 2005 10:31
ProFTPD potential security hole domino Server Operation 3 19th August 2005 04:25


All times are GMT +2. The time now is 05:43.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Sponsored Links: Unified Communications: Thoughts, Strategies and Predictions
Join the discussion.
www.seamlessenterprise.com

IP Convergence
Integrate your wireless and wireline networks.
Learn how from the experts at Sprint.
www.seamlessenterprise.com

Wireless & Wireline Integration
Thoughts, strategies and solutions: join the discussion
www.seamlessenterprise.com

Unified Communications 2009
Join the Discussion. Now.
www.seamlessenterprise.com

Red Hat Virtual Experience - a free virtual event. Dec. 9th