Bugtraq mailing list archives

RE: [lists] Re: PHP security (or the lack thereof)
From: "Curt Purdy" <purdy () tecman com>
Date: Sun, 16 Jul 2006 19:26:00 -0400

Neil Neely wrote:
> For those of us that have to administer shared hosting
> servers where customers can and do build/install very poorly
> written web applications it can be a full time job trying to
> protect your server.

At the ISP I used to run, we used a "chroot jail" so that every site had
its own little bubble that could not be broken through.  A cracker could
compromise a site and deface it or whatever, but could not traverse to any
other location on the server.  Therefore a customer could have the most
insecure php app around with a back-door in a "free" PHP module they got off
the Net and could be embarrassed by a cracker, but no one else would suffer,
including my BSD server.

Information Security Officer 
Information Systems Security


If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 
