On Friday, 07. June 2002 02:26, James Ponder wrote:
> Has anyone given any thought to making it possible to run axkit under
> CGI rather than embedded in Apache?
>
> The reason I ask is that I was considering using axkit on a web server that
> is doing mass virtual hosting where security is paramount. In particular,
> all dynamic content must use individual unix users so that it is not
> possible for an application written by one person to be able to mess about
> with processes of another. Of course, with axkit being embedded and
> running as the web user, it's possible for an application to do pretty much
> anything to the other apache processes, including reading out data from
> other applications contained within those processes.
>
> If axkit could be run as a CGI then the normal suexec mechanism would be
> used to achieve this - as we do with PHP.
AFAIK you can set the httpd user on a per-vhost basis, so just use the
corresponding directives and axkit will be secured. Keep in mind that no mass
hosting is ever secure. There are so many pitfalls that absolute security is
impossible.
--
CU
Joerg
PGP Public Key at http://ich.bin.kein.hoschi.de/~trouble/public_key.asc
PGP Key fingerprint = D34F 57C4 99D8 8F16 E16E 7779 CDDC 41A4 4C48 6F94
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
