Voytek Eymont wrote:

> 
> On Thu, December 28, 2006 10:37 am, Penedo wrote:
> > On 28/12/06, Voytek Eymont <[EMAIL PROTECTED]> wrote:
> 
> > I suspect you are looking at this in the wrong way - try to contain the
> > CMS
> > systems (e.g. maybe run them under a limited user and chroot or some other
> >  segregated environment) instead of trying to identify and hide all
> > potential tools used by holes in the CMS.
> 
> perhaps, but, it certainly would have prevented two infiltration I had in
> the last few month

I *REALLY* honestly don't think so. Once somebody is in they will
use a Perl script. If Perl isn't installed they will do something
else, like uploading a precomiled binary.

The idea is to prevent people getting in to begin with. Once they
are in its way too late.

Erik
-- 
+-----------------------------------------------------------+
  Erik de Castro Lopo
+-----------------------------------------------------------+
"Web (hosting), security and high-performance computing are the 
three areas where Linux has more strength." -- 
Bob Muglia, senior VP in charge of Windows Server development.
http://news.com.com/Microsoft+targets+Apache+Web+server/2100-1010_3-5735805.html
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Reply via email to