On Wed, Jun 13, 2007 at 01:52:01AM +0200, Tomasz Pala wrote:
- PHP as CGI run via suexec - performance penalty, but the only solution
solving the problem of inherited EUID for exec(), system() etc.
There is also another one, safe and easy solution: PHP running as
FastCGI, external to the web
On 6/13/07, Tomasz Pala wrote:
On Wed, Jun 13, 2007 at 09:19:10AM +0200, Jacek Konieczny wrote:
There is also another one, safe and easy solution: PHP running as
FastCGI, external to the web server.
It's not so safe - it's still the same user for every script, so if appX
On Wed, Jun 13, 2007 at 10:14:47AM +0200, Tomasz Pala wrote:
It's not so safe - it's still the same user for every script, so if appX
can read its configuration file (with database password), then appY
has access too (unless restricted by safe_mode or dozens of
open_basedir).
So one should
On Wed, Jun 13, 2007 at 10:46:29AM +0200, Patryk Zawadzki wrote:
So one should run one FastCGI process for every system account to be
secure, or there must be some SUID on the way (that's why I have written
about suexec+PHP-f?CGI).
You are supposed to run one process per application.
On Sun, 3 Jun 2007, Tomasz Pala wrote:
I was considering a bug in any of shipped webapps. Even though the
server can be safe_mode enabled
...which will be dropped in future php releases :)
safe_mode is considered to be obsolete in PHP.
there is possibility to read information that should
Hello,
I was considering a bug in any of shipped webapps. Even though the
server can be safe_mode enabled there is possibility to read
information that should remain confidential, like valuable for spammers
users list from passwd. I leave other restrictions out deliberately, as
ACLs, open_basedir