[thelist] PHP Perl Apache security
Steve Lewis
nepolon at worlddomination.net
Mon Jul 21 14:05:07 CDT 2003
Keith wrote:
> We're wondering how others handle the inherent insecurity of running
> both PHP and Perl in a virtualhosting environment on Linux servers.
> We've run the two
Here is an observation:
You don't need world-write permissions, you need the Apache user to have
write permissions. Change owner or group on the PHP domains, turn on
the correct write bit. Sandbox your PHP domains and your Perl domains
separately with open_basedir and SuExec respectively.
Perl cannot now write to files in PHP domains because they are no longer
running as the Apache user. Similarly, PHP domains cannot get out of
their domain sandbox to write to Perl domains.
Anyone see any problems with this?
Steve
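
The permissions point in the message above, as an added example that is not part of the original post: a Python audit that lists world-writable paths in a docroot and the mode that keeps write access for the Apache account through the owner or group bit instead. The function names, the constructed docroot and the uid/gid values are assumptions for illustration, and the check ignores supplementary groups and ACLs.

```python
import os
import stat
import tempfile

def audit_world_writable(root, apache_uid, apache_gid):
    """List world-writable paths under root and the mode that keeps Apache
    write access through the owner or group bit instead of the world bit."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode) or not mode & stat.S_IWOTH:
                continue  # symlink modes are meaningless; no o+w, nothing to fix
            # The kernel checks the owner bits first, then group, then other.
            if st.st_uid == apache_uid:
                needed, chgrp = stat.S_IWUSR, False
            else:
                needed, chgrp = stat.S_IWGRP, st.st_gid != apache_gid
            findings.append({
                "path": os.path.relpath(path, root),
                "mode": oct(mode),
                "fixed_mode": oct((mode | needed) & ~stat.S_IWOTH),
                "needs_chgrp": chgrp,
            })
    return sorted(findings, key=lambda f: f["path"])

def demo():
    """Constructed docroot: a 0777 upload directory, a 0666 file, a 0644 file."""
    root = tempfile.mkdtemp(prefix="phpdomain-")
    layout = {"uploads": 0o777, "uploads/data.txt": 0o666, "index.php": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if rel == "uploads":
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)
    st = os.lstat(root)
    # Constructed identities: Apache is not the file owner, and is either in
    # the files' group or in an unrelated one.
    in_group = audit_world_writable(root, st.st_uid + 1, st.st_gid)
    other_group = audit_world_writable(root, st.st_uid + 1, st.st_gid + 1)
    return in_group, other_group

if __name__ == "__main__":
    for report in demo():
        for finding in report:
            print(finding)
```

The audit only reports; applying `fixed_mode` (and the group change where `needs_chgrp` is true) is left to the administrator, and the open_basedir and SuExec sandboxing from the message is configured separately in Apache and PHP.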