> Thanks for all the input. I of course know the
> importance of having high quality code for the
> PHP scripts. My intention with the post is how
> to best lock down PHP in a shared environment on
> OS X Server. I'm sorry if I didn't make that
> clear enough from the beginning.

Then you want chroots.

> Correct me if I'm wrong, but if I know the path
> of another user's PHP files in the sites folder
> (of another user) I can call them up with a
> PHP script from my user on the same server,
> right?

Depends on if you have basedir's

> And when you run a CMS like Joomla! and you
> edit a file from the admin section in Joomla!
> the owner of the file changes to www (which is a
> pain since then you can't delete it with the FTP
> since I don't of course want the FTP user having
> access to www).

Which is why there are ACLs.

> What would be the best solution for preventing
> stuff like this? Safe mode seems useless as long
> as CGI is allowed on the server, right? Isn't
> there a way to chroot a whole user somehow?

Yes. But that's not always (a) necessary (b) easy (c) a panacea

> All right, flame away guys with "build it
> yourself s***er!". If that's what we have to do
> to get a secure server for our needs we can just
> as well switch to OpenBSD for our hosting.

If you think the reasons you choose the base
distro of any OSen are this simple you are rather
naive.

At 3:48 PM -0500 1/6/06, Dan Shoop wrote:
> At 8:49 PM +0100 1/6/06, Christian Enqvist wrote:
>> Yeah, I have used Google (of course there is no
>> article specific for OS X Server out there).
>
> Why would there need to be? PHP is an application, not an OS.
>
>> Every article comes down to "Build it yourself and include this".
>
> Yeah, and it's damned good advice.
>
>> So is the conclusion that Apple's build of PHP
>> in OS X Server is useless for production use on
>> a shared webserver?
>
> Not at all.

--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.iwiring.net/
email@hidden http://www.ustsvs.com/
1-646-217-4725
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.