Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Prevent access shared server using PHP



On 03/02/2011 12:01 AM, Pietro Zuco wrote:

My concern is about PHP. It's easy to restrict users access to certain
folders by a good group/permission policy and also ssh-jail them but
Apache will be the final user of those PHP scripts and Apache user
doesn't have the same restrictions as a limited user. It can browse
whatever is browsable for a common generic user.

Any suggestion to prevent this scenario?

I don't use php, but what about running application servers as unprivileged users bound to localhost ports (or unix sockets if supported) and just using apache as a reverse proxy.

Edward


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links