Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Prevent access shared server using PHP
- Date: Wed, 02 Mar 2011 12:51:27 +0900
- From: Edward Middleton <edward.middleton@example.com>
- Subject: Re: [tlug] Prevent access shared server using PHP
- References: <4D6D0A40.5000208@example.com>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101218 Lightning/1.0b3pre Thunderbird/3.1.7
On 03/02/2011 12:01 AM, Pietro Zuco wrote:
My concern is about PHP. It's easy to restrict users access to certain folders by a good group/permission policy and also ssh-jail them but Apache will be the final user of those PHP scripts and Apache user doesn't have the same restrictions as a limited user. It can browse whatever is browsable for a common generic user. Any suggestion to prevent this scenario?
I don't use php, but what about running application servers as unprivileged users bound to localhost ports (or unix sockets if supported) and just using apache as a reverse proxy.
Edward
- References:
- [tlug] Prevent access shared server using PHP
- From: Pietro Zuco
- [tlug] Prevent access shared server using PHP
- Prev by Date: Re: [tlug] Prevent access shared server using PHP
- Next by Date: Re: [tlug] Prevent access shared server using PHP
- Previous by thread: Re: [tlug] Prevent access shared server using PHP
- Next by thread: Re: [tlug] Prevent access shared server using PHP
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |