|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[PLUG] webhosting question again
|
ok i have another question about webhosting.
the scenario is,
- lots of users using the same
machine serving virtual websites.
- some users may want their own cgi-bin
regardless of any security i think of by way
of permissions, I can't think of a secure way
to protect the users files from each other. The reason
is if somebody writes a cgi-bin that should be
readable and executed by apache, then that process
will have the power to read other people web files!
for example lets say theres a webmail application,
which reads mail from the sendmail spool (give apache
appropriate permissions). Therefore
other users can read anything in that spool too
if they can write cgi-bin, specifying absolute
pathnames!
am i thinking correctly or am i missing something?
any insight on industry standard practice on this
aspect?
thanks in advance!
edward pike
_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
|
|