----- "PENIN Guillaume (SNCF Voyages/Direction des Operations SI)" <[email protected]> wrote:
> Hi,
>
> Many of our application teams ask us to mount the Apache DocumentRoot
> FileSystem in Read-only mode for security reasons. In your opinion,
> does this have any kind of interest?

Mounting the FS read-only might become inconvenient.
But you definitely should not allow the webserver user to have write access to the documentroot.

That is, unless your application requires uploads. Then it should happen in a controlled directory. i.e.: One that doesn't have CGI or anything else executable (Options None, SetHandler none), no .htaccess allowed (AllowOverride None).

> Regards,
>
> Guillaume PENIN

i

--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: [email protected]
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
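One way to check the first point of the reply above, that the webserver user has no write access to the DocumentRoot outside a designated upload directory. This is an added example, not part of the original messages; the function name `writable_by` and any paths passed to it are assumptions. It evaluates the classic owner/group/other mode bits only, not ACLs.

```shell
#!/bin/sh
# Added example; writable_by is a hypothetical helper name.
# Usage: writable_by DOCROOT USER [UPLOAD_DIR]
# Prints every path under DOCROOT that USER may write to according to the
# owner/group/other mode bits. UPLOAD_DIR, if given, is skipped entirely,
# since it is the one place where writes are expected.
writable_by() {
    docroot=$1
    user=$2
    upload=${3:-}

    uid=$(id -u "$user") || return 2

    # Build "-group G1 -o -group G2 ..." from the user's numeric group ids.
    set --
    for gid in $(id -G "$user"); do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -group "$gid"
    done

    # Writable means: owned by the user with the owner write bit set,
    # or owned by one of the user's groups with the group write bit set,
    # or world-writable. Symlinks always show mode 777, so they are ignored.
    set -- \( -user "$uid" -perm -200 \
              -o \( "$@" \) -perm -020 \
              -o -perm -002 \) ! -type l -print

    # Do not descend into the upload directory when one was named.
    if [ -n "$upload" ]; then
        set -- -path "$upload" -prune -o "$@"
    fi

    find "$docroot" "$@"
}
```

Empty output for the account Apache runs as means nothing outside the upload directory is writable by it; every printed path is a file or directory to re-own or chmod.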
