rbowen 2002/11/06 18:44:08 Modified: htdocs/manual/misc security_tips.html Log: As per discussion on [email protected] and a little on IRC, a bit of clarification about "third party" modules and the permissions with which they access files. Revision Changes Path 1.30 +14 -0 httpd-docs-1.3/htdocs/manual/misc/security_tips.html Index: security_tips.html =================================================================== RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- security_tips.html 19 Jan 2002 17:45:12 -0000 1.29 +++ security_tips.html 7 Nov 2002 02:44:08 -0000 1.30 @@ -27,6 +27,8 @@ <li><a href="#cgi">CGI in General</a></li> + <li><a href="#dynamic">Other sources of dynamic content</a></li> + <li><a href="#systemsettings">Protecting System Settings</a></li> @@ -188,6 +190,18 @@ code. Another popular way of doing this is with <a href="http://wwwcgi.umr.edu/~cgiwrap/";>CGIWrap</a>.</p> <hr /> + + <h2><a id="dynamic" name="dynamic">Other sources of dynamic + content</a></h2> + +<p>Embedded scripting options which run as part of the server itself, such +as mod_php, mod_perl, mod_tcl, and mod_python, run under the identify of +the server itself, (see the <a href="../mod/core.html#user">User</a> +directive) and therefore scripts executed by these engines +potentially can access anything the server user can. some scripting +engines may provide restrictions, but it is better to be safe and assume +not.</p> +<hr /> <h2><a id="systemsettings" name="systemsettings">Protecting System Settings</a></h2>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
