Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: [lists] Re: PHP security (or the lack thereof)
From: "Curt Purdy" <purdy () tecman com>
Date: Sun, 16 Jul 2006 19:26:00 -0400

Neil Neely wrote:
For those of us that have to administer shared hosting 
servers where customers can and do build/install very poorly 
written web applications it can be a full time job trying to 
protect your server. 
Snip

At my the ISP I used to run, we used a "chroot jail" so that every site had
its own little bubble that could not be broken through.  A cracker could
compromise a site and deface it or whatever, but could not traverse to any
other location on the server.  Therefore a customer could have the most
insecure php app around with a back-door in a "free" PHP module they got off
the Net and could be embarassed by a cracker but no-one else would suffer
including my BSD server.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 
Information Security Officer 
Information Systems Security
infosysec.net
443.846.4231

-------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 
 




  By Date           By Thread  

Current thread:
  • RE: [lists] Re: PHP security (or the lack thereof) Curt Purdy (Jul 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]