[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] securing php

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] securing php
From: Paul Schmehl <pauls@utdallas.edu>
Date: Tue, 19 Aug 2003 21:08:40 -0500

--On Tuesday, August 19, 2003 20:10:48 -0400 Michael Gale 
<michael@bluesuperman.com> wrote:
>#
> User nobody
> Group #-1
> </IfModule>
> </IfModule>
> --snip--
>
> I am not sure if the windows version has this option - it may have
> something similar.

I'm not sure why you would *want* to run Apache on Windows, but I'm certain 
that it would have the same options as *nix where possible.  If you're 
insistent in running a web server on Windows, Apache is probably the better 
choice, though.

The problem with Windows is that the concept of running servers as 
unprivileged users or starting a daemon as root and then dropping 
privileges doesn't correspond one to one with the *nix security model.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] securing php
  - From: "Justin Shin" <zorkshin@tampabay.rr.com>
- Re: [Full-Disclosure] securing php
  - From: Michael Gale <michael@bluesuperman.com>

Prev by Date: RE: [Full-Disclosure] [Fwd: Edwards AFB shut down by W32Blaster](fwd)
Next by Date: RE: [Full-Disclosure] [Fwd: Edwards AFB shut down by W32Blaster] (fwd)
Prev by thread: Re: [Full-Disclosure] securing php
Next by thread: Re: [Full-Disclosure] securing php
Index(es):
- Date
- Thread