Hello, I am building a bit secured webserver and I wish to have two users for every domain - one is for sftp usage and another for run of the web itself. I have never thought about any different approach if we are paying performance penalty for security - no reason to leave it half-done. suphp as is gives no defence against code injection aimed at overwriting of files, or I am missing something, so I intend to run the sites on behalf of non owner of anything capable of writing to specific required locations. But if I build in config mode (only one relevant), I end with a note, that the user does not own the directory where script is located - this is intended, so no surprise there. I overcome that by stripping the if responsible for this around line 555 of Application.cpp, but I suppose, that there should be another way to do so, which I am unable to find anywhere. Is my approach the only possible way or am I missing anything?
Regards David _______________________________________________ suPHP mailing list [email protected] https://lists.marsching.com/mailman/listinfo/suphp
