I read the "Seven Deadly Sins" of Linux security, and one item concerns me:
"On Toxen's "don'ts" list: Don't use PHP, even though it's convenient. Don't run DNS, auth (ident) or Apache as root. But, do use suEXEC, a tool first introduced in Apache 1.2, that increases security by allowing users to develop and run private CGI or SSI programs." I will look into suEXEC, but I see that on my server, httpd2 is run by apache, except for *one* httpd2 process that is run as root. Is that necessary, and if not, can I kill it? Also, why would PHP be a security risk? because it is executed on the server and not on the client's browser...? -- Joehill Registered Linux user #282046 Homepage: http://nodex.sytes.net 13:24:09 up 4 days, 11:27, 1 user, load average: 0.06, 0.10, 0.09
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
