How about running PHP in safe mode? In safe mode (as far as I
understand) user scripts can only access files with the same uid.
Hm but they do have the same uid as they are uploaded via http and under the webserver
user ...
On Tue, 2003-02-25 at 20:15, debian-isp wrote:
Hi all !
I am just asking myself how to secure our webserver with a couple of
virtual hosts.
Currently we have a large installation of typo3 running. It
has a feature called fileadmin with which you can easily
upload files. As it is thereby possible to upload php scripts
and execute via the browser it is to my opionion possible to
access other users files. As the webserver and the files all
have the same user, needed by the system.
Is there a way to secure this:
- chrooting virtual hosts in apache ?
- running multiple instances of apache
- some kind of security system with users and groups
- using directory settings ?
Any ideas
__
Nik Engel NETWAYS GmbH
Senior Systems Engineer Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
[EMAIL PROTECTED] www.netways.de
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]