> -----Original Message----- > From: Alan McKinnon [mailto:[EMAIL PROTECTED] > Sent: 23 February 2007 07:17 > To: [email protected] > Subject: Re: [gentoo-user] OT - Some miscellanous questions about hack > attacks and dealing with them > > > The problem is that php enables every kid and his dog to put an > interactive site up on the net. So, every kid and his dog > does. All the > while making coding mistakes that open holes. Forum software seems > especially prone. > > Apache and php_mod themselves are as safe as is reasonable, > at least I > haven't seen many weaknesses reported on those two packages. > To know if > you should be taking extra security precautions, watch for security > advisories about the php apps you have running >
Forgive my ignorance if I'm incorrect - but I was told at one point by a friend who runs a few servers and sites that if an app wont run in PHP Safe Mode then he wont run it at all. http://us2.php.net/features.safe-mode I'm not a PHP expert by any means so I can't definitively say "use safe mode" but if people are looking to lock down a server it may be worth a peek. OT: Also, my name is "David Nelson" not "Nelson David". Don't blame me - it's a work email account and they have our names Surname, Forename all over the place. :P I've just seen people refer to me as "Nelson" sometimes ... ;-) -- djn I do not represent anyone else in emails I send to this list. ������z� ��(��&j)b� b�
