Security trap ?!?

Discussion in 'Developers' Forum' started by yayien, May 4, 2006.

  1. yayien

    yayien ISPConfig Developer

    Hi everyone,
    There is, I think, a big security problem: scripts are running under apache user. Due to that fact if someone decided to write a script in php, for example, so as to do uploads, the files will not be his but apche user ones. Is there any thing so as to prevent it? I think about suPhp which seems to be a good solution...

    Cordialy,

    Yayien
     
  2. oliver.blaha

    oliver.blaha ISPConfig Developer

    Please use forum search. There are already some threads concerning suPHP.
    I haven't tried it yet, but it should not be hard to use suPHP if you correctly configure your server. This should not need any changes in ISPConfig.
     
  3. till

    till Super Moderator

    As Oliver already stated. This is not an ISPConfig issue, it is a question how you configure your server. You can use either suPHP or SuEXEC + CGI-PHP to run PHP scripts under the web user.
     

Share This Page