Abu Hurayrah wrote:
> Patrick Donker wrote:
> > Guys,
> > What is the best way, security wise, to host cgi, perl or php
> > scripts? Should I start using a jail or are there other ways to keep
> > my server from being a worm or spam platform. Links to howtos or
> > other threads are most welcomed.
> > Thanks
> > -Patrick
>
> What exactly do you mean by hosting your scripts? Are you referring
> to where to put them on your server, physically, in relation to your
> DOCUMENT_ROOT?
>
> Also, if the script is going to be useful, it's going to be accessible
> from the web, so it doesn't really matter where you host them on your
> server, as they'll all be equally visible in order to be executable.
>
> Lastly, some of these scripting engines, such as PHP, have a "safe
> mode" feature that helps to prevent common exploits, but that is only
> effective if you are running an unsafe setup in the first place, and
> moreover, is oftentimes very restrictive to most scripts.
>
> Let us know some of these details, and maybe we can help out some more.

Right, ok, maybe I should've given more info.

Well then, it mostly concerns mailto forms accessible from the web or
other feedback scripts. Maybe lookup or data-entry scripts into a MySQL
database. Clearly there shouldn't be very much of a problem running
scripts that are called from HTML pages, as in dynamic contents. What
you could think of is clients making an online calculation and
submitting this through email as an order. Sounds like a shopping cart
kinda script, but such a broad application isn't needed. What I would
like to know is what the best approach is to secure a server to avoid it
becoming a launch platform for all sorts of nasty things.

Lastly I'd like to know how to avoid people peeking into data of other
vhosts that might be running on the same server. I'm not very keen on
running different instances; I'd like to keep things as simple as
possible. I'm not a big time ISP or something, I just host some small
websites for small companies, but now they have asked me if it is possible
to make their sites somewhat interactive.

I hope that it is clearer now what I mean. If not, please say so
and I'll try to elaborate more.

Thanks
Patrick
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.