Old 4th May 2006, 23:42
yayien yayien is offline
ISPConfig Developer
Join Date: Oct 2005
Location: Paris
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to yayien Send a message via Yahoo to yayien
Default Security trap ?!?

Hi everyone,
There is, I think, a big security problem: scripts are running under apache user. Due to that fact if someone decided to write a script in php, for example, so as to do uploads, the files will not be his but apche user ones. Is there any thing so as to prevent it? I think about suPhp which seems to be a good solution...


Reply With Quote
Sponsored Links
Old 5th May 2006, 08:06
oliver.blaha oliver.blaha is offline
Join Date: Apr 2006
Posts: 37
Thanks: 0
Thanked 1 Time in 1 Post

Please use forum search. There are already some threads concerning suPHP.
I haven't tried it yet, but it should not be hard to use suPHP if you correctly configure your server. This should not need any changes in ISPConfig.
Reply With Quote
Old 5th May 2006, 09:49
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts

As Oliver already stated. This is not an ISPConfig issue, it is a question how you configure your server. You can use either suPHP or SuEXEC + CGI-PHP to run PHP scripts under the web user.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig Security - Firewall cybereatl Installation/Configuration 5 2nd April 2006 18:02
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 12:47
applying security on server to restrict unauthorized attempts pali_253 Server Operation 3 16th February 2006 13:57
security certificate kuyaedz Installation/Configuration 1 23rd December 2005 10:31
ProFTPD potential security hole domino Server Operation 3 19th August 2005 04:25

All times are GMT +2. The time now is 10:03.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.