[thelist] securing script

Joxn joxn at vernum.com
Tue Mar 27 12:46:25 CST 2001


Joshua OIson wrote:
> Is this Unix or a Windows system? 

It is a Red Hat Linux box running PHP4 and Apache.

Sean German wrote:
> One thing to look into is running your service, process, daemon, whatever
> under a user account created just for that purpose.  Then make sure that
> account only has rights to do what you want users of the script to do.

Wouldn't this mean that I need to run PHP as another user?
Or do you mean I should create another user and change ownership of the
single script?
But doesn't this depend on "nobody" (the user Apache is running as)?

TIA,
Joxn
-- 
   || //\\ \\// |\\||  ::  joxn at vernum.com  ::
 \\|| \\// //\\ ||\\|  ::      8053703      ::




More information about the thelist mailing list