[nycphp-talk] Pair Network's "security" model - could it be this bad?
Chris Snyder
csnyder at chxo.com
Tue Jun 1 13:18:53 EDT 2004

Jayesh Sheth wrote:

> In my current setup, a domain can be mapped to a directory in a
> certain user's root directory. Only that user can access any of the
> files in that user's directory.

How does the webserver (Apache?) access the files? Surely they are
readable by the 'nobody' or 'www' user... which means that anyone who
can run a script via the webserver can read any other script that can be
run by the webserver.

> Pair's method of hosting seems totally insecure and inflexible, and
> their workaround seems like a real pain in the you know where.

It's unfortunately standard. Mass virtual hosting is insecure by nature,
and that's fine for most people. If you have data you want to protect,
you need to consider a dedicated server -- or a jail-able system like
FreeBSD.

chris.
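
Added example, not part of the original message: a small audit an account owner could run to list which of their own files the shared webserver user can read, using the POSIX mode-bit rules behind the point above. The uid/gid values, file names and directory layout are constructed for the demonstration; ACLs and root access are not modelled.

```python
import os
import stat
import tempfile

def can_access(st, uid, gids, want_read):
    """POSIX mode check: exactly one of owner/group/other applies."""
    r, x = ((stat.S_IRUSR, stat.S_IXUSR) if st.st_uid == uid else
            (stat.S_IRGRP, stat.S_IXGRP) if st.st_gid in gids else
            (stat.S_IROTH, stat.S_IXOTH))
    return bool(st.st_mode & (r if want_read else x))

def exposed_files(root, uid, gids):
    """Regular files under root that uid could read (ACLs, uid 0 not modelled)."""
    found = []
    def walk(path):
        # Without the search (x) bit on a directory nothing below is reachable.
        if not can_access(os.lstat(path), uid, gids, want_read=False):
            return
        for entry in sorted(os.scandir(path), key=lambda e: e.name):
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISDIR(st.st_mode):
                walk(entry.path)
            elif stat.S_ISREG(st.st_mode) and can_access(st, uid, gids, True):
                found.append(os.path.relpath(entry.path, root))
    walk(root)
    return found

def demo():
    """Build a constructed tenant home and audit it as a hypothetical 'www' id."""
    web_uid, web_gid = os.getuid() + 1000, os.getgid() + 1000  # assumed ids
    layout = {"public_html/index.php": 0o644,
              "public_html/config.php": 0o644,  # holds credentials, world-readable
              "public_html/secret.php": 0o600,  # owner only
              "private/backup.sql": 0o644}      # shielded by its parent's mode
    with tempfile.TemporaryDirectory() as home:
        for rel, mode in layout.items():
            path = os.path.join(home, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write("constructed sample\n")
            os.chmod(path, mode)
        for rel, mode in (("", 0o711), ("public_html", 0o755), ("private", 0o700)):
            os.chmod(os.path.join(home, rel), mode)
        return exposed_files(home, web_uid, {web_gid})

if __name__ == "__main__":
    print(demo())
```

Against a real account, call `exposed_files` with the home directory and the webserver's actual uid and group ids in place of the assumed ones.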