mike.h on Thu, 14 Nov 2002 11:00:06 -0500



RE: [PLUG] webhosting question again


See "Writing Apache Modules with Perl and C" by Stein and MacEachern,
O'Reilly 1999 or
Security and Apache: An Essential Primer at:
   http://www.linuxplanet.com/linuxplanet/tutorials/1527/1/

may also be useful:
http://www.onlamp.com/apache/
http://httpd.apache.org/docs/vhosts/

-mike.h

-----Original Message-----
From: plug-admin@lists.phillylinux.org
[mailto:plug-admin@lists.phillylinux.org]On Behalf Of epike@isinet.com
Sent: Wednesday, November 13, 2002 6:07 PM
To: plug@lists.phillylinux.org
Subject: [PLUG] webhosting question again



ok i have another question about webhosting.

the scenario is,

- lots of users using the same
  machine serving virtual websites.

- some users may want their own cgi-bin

regardless of any security i think of by way
of permissions, I can't think of a secure way
to protect the users' files from each other.  The reason
is if somebody writes a cgi-bin that should be
readable and executed by apache, then that process
will have the power to read other people's web files!

for example let's say there's a webmail application,
which reads mail from the sendmail spool (give apache
appropriate permissions).  Therefore
other users can read anything in that spool too
if they can write cgi-bin, specifying absolute
pathnames!

am i thinking correctly or am i missing something?
any insight on industry standard practice on this
aspect?

thanks in advance!

edward pike
_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
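
The concern in the quoted question, that anything readable by the Apache account is readable by every user's CGI running under that account, can be checked with a permission audit. The following is an added example, not part of the original thread; the function names and the alice/bob sample tree are constructed for illustration, and it evaluates plain POSIX mode bits only (no ACLs, web server account assumed not to be root).

```python
import os
import stat

def allowed(st, uid, gids, want):
    """POSIX class check: owner bits if uid owns the file, else group bits,
    else other bits. want: 4=read, 1=search. Ignores ACLs and root."""
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def exposed_files(root, uid, gids):
    """Files below root that a process with uid/gids could open by absolute
    path (root itself is assumed reachable)."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Search (x) permission decides traversal; a missing read bit on a
        # directory only hides the listing, not files whose names are known.
        dirnames[:] = [d for d in dirnames if allowed(
            os.lstat(os.path.join(dirpath, d)), uid, gids, 1)]
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISREG(st.st_mode) and allowed(st, uid, gids, 4):
                found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(found)

# Constructed sample tree: (path, mode of its directory, mode of the file).
DEMO = [
    ("alice/public_html/index.html", 0o755, 0o644),  # served page
    ("alice/public_html/db.conf",    0o755, 0o640),  # group-readable only
    ("alice/private/notes.txt",      0o755, 0o600),  # owner only
    ("bob/hidden/secret.txt",        0o711, 0o644),  # unlistable directory
    ("bob/locked/data.txt",          0o700, 0o644),  # untraversable directory
]

def build_demo(root):
    """Create the constructed tree under root with explicit modes."""
    for rel, dmode, fmode in DEMO:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, fmode)
        os.chmod(os.path.dirname(path), dmode)
        os.chmod(os.path.join(root, rel.split("/")[0]), 0o755)
```

Run `exposed_files` against the real document roots with the uid and group set of the web server account to list what any CGI executing under that account can read.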