[Savannah-dev] Security Notice


From: Mathieu Roy
Subject: [Savannah-dev] Security Notice
Date: Tue, 11 Nov 2003 10:40:30 +0100
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (gnu/linux)

Hi,

Just a little message to inform you that you should never run Savannah
(and most PHP software) on a computer where you allow non-trusted
users to run Perl or PHP scripts via Apache.

As a matter of fact, these users would be able to read your
configuration files easily.

The solution is to use PHP Safe Mode (ini configuration). Or maybe it
could be possible to change the Apache user depending on the URL
requested, which would do the trick.

Regards,

-- 
Mathieu Roy

  +---------------------------------------------------------------------+
  | General Homepage:           http://yeupou.coleumes.org/             |
  | Computing Homepage:         http://alberich.coleumes.org/           |
  | Not a native english speaker:                                       |
  |     http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english  |
  +---------------------------------------------------------------------+
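
An added example, not part of the original message or of Savannah's code: a Python sketch of the Unix read-permission check behind this notice, showing that a configuration file the application can read is readable by every other script running under the same Apache uid, and that a separate uid only helps while the mode bits stay tight. The temporary file, the labels and the "other" uid/gid are constructed for illustration.

```python
import os
import stat
import tempfile

def readable_by(st, uid, gids):
    """Classic Unix read check for a process with this uid and group set.

    Assumption: plain mode bits only; ACLs, MAC policy and search
    permission on parent directories are not evaluated.
    """
    if uid == 0:
        return True                                 # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)      # owner class decides
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)      # group class decides
    return bool(st.st_mode & stat.S_IROTH)          # everyone else

def audit(paths, script_uid, script_gids):
    """For each path, report whether a script running as script_uid can read it."""
    return {p: readable_by(os.stat(p), script_uid, script_gids) for p in paths}

def demo():
    """Constructed scenario: one config file checked from two identities."""
    with tempfile.NamedTemporaryFile(suffix=".conf") as conf:  # stand-in config file
        path = conf.name
        os.chmod(path, 0o600)                       # owner-only: tightest mode bits
        st = os.stat(path)
        shared = (st.st_uid, {st.st_gid})           # uid the application itself runs as
        separate = (st.st_uid + 1, {st.st_gid + 1}) # hypothetical per-site uid
        result = {
            # Any script under the shared uid reads the file, even at 0600.
            "same_uid_0600": audit([path], *shared)[path],
            # A script under a different uid is stopped by the mode bits.
            "other_uid_0600": audit([path], *separate)[path],
        }
        os.chmod(path, 0o644)                       # world-readable undoes the separation
        result["other_uid_0644"] = audit([path], *separate)[path]
    return result

if __name__ == "__main__":
    for label, readable in demo().items():
        print(f"{label}: {'READABLE' if readable else 'blocked'}")
```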



