Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Securing PHP?

Thanks for all the input. I of course know the importance of having high quality code for the php scripts. My intention with the post is how to best lock down PHP in a shared enviroment on os x server. I´m sorry if i didnt make that enough clear from the beginning.

Correct me if i´m wrong but if i know the path of another users php-files in the sites folder (of another user) i can call them up with a php-script form my user on the same server, right? And when you run a CMS like Joomla! and you edit a file from the admin section in Joomla! the owner of the file changes to www (wich is a pain since then you cant delete it with the FTP since i dont of course want the FTP-user having access to www).

What would be the best solution for preventing stuff like this? Safe mode seems useless as long as CGI is allowed on the server, right? Isnt there a way to chroot a whole user somehow?

Allright, flame away guys with "build it yourself s***er!". If that´s what we have to do to get a secure server for our needs we can just as well switch to OpenBSD for our hosting. 
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.