Can you tell us what could be the security problem if Apache is set to run as each user's accounts? Is it a problem if you also allow SSH or Telnet access to users' accounts?
Thank you. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] ----- Original Message ----- From: "William R. Mussatto" <[EMAIL PROTECTED]> To: "Octavian Rasnita" <[EMAIL PROTECTED]> Cc: "Larry Brown" <[EMAIL PROTECTED]>; "MySQL List" <[EMAIL PROTECTED]> Sent: Thursday, January 09, 2003 8:56 PM Subject: Re: Hiding the password On Thu, 9 Jan 2003, Octavian Rasnita wrote: > Date: Thu, 9 Jan 2003 07:56:20 +0200 > From: Octavian Rasnita <[EMAIL PROTECTED]> > To: "William R. Mussatto" <[EMAIL PROTECTED]> > Cc: Larry Brown <[EMAIL PROTECTED]>, > MySQL List <[EMAIL PROTECTED]> > Subject: Re: Hiding the password > > Yes I know that Apache can be set to run using your own account, but most > hosts don't do that because I heard that this can create other security > problems. We screen the users we allow to do this. It isolates them, but does allow that apache child to have more rights than 'nobody'. these users already have ftp access, but they are chrooted to their own area. Part of the protection would have to be ensuring the files are not world readable. > > Teddy, > Teddy's Center: http://teddy.fcc.ro/ > Email: [EMAIL PROTECTED] > > ----- Original Message ----- > From: "William R. Mussatto" <[EMAIL PROTECTED]> > > > Its possible to configure a single virtual host to run as a different > user and group. It still won't protect you from people at the hosting > company, but other hosting clients should be isolated. > <snip> Sincerely, William Mussatto, Senior Systems Engineer CyberStrategies, Inc ph. 909-920-9154 ext. 27 --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
