Suexec with Apache 1.3.29
Marty Landman
MLandman at face2interface.com
Thu Apr 29 13:16:10 PDT 2004
At 03:54 PM 4/29/2004, Mikkel Christensen wrote:
>But lets face it, if you have many users on your webserver some will do so
>occasionally (eg. many users take advantage og fora like PHPBB and PHPNuke
>which stores the database password in cleartext). And when they do you
>will have to deal with the mess as the administrator.
I don't know those in particular though I've heard of them. Am more a
developer than sysadmin.
Unfortunately stuff happens. PHP isn't going to run under suexec though so
how is this relevant?
>Also the problem when running a webserver with many users you don't know
>is to get them to use the right permissions.
Hmm, people very commonly drive cars which have precise rules for driving,
and rules of the road for driving in community. Yet we don't witness
accidents every hour at every intersection. Why? IMO it's because the
average person has a healthy sense of survival and the intelligence to
learn reasonable care. Of course bad drivers have burdensome insurance
costs to weight against their poor driving records. What
incentive/education do bad hosting customers have?
>All this suexec does no good if the users apply chmod 777 (and trust me
>some do!) to all their files:(
I'd argue that the web, like driving, isn't for everyone. /It is/ for
everyone willing to learn and apply the rules of the road. People have been
sold the concept that they can get cheap or free hosting, cheap or free web
design (perhaps by a niece or friend's computer genius kid) and make $$
sitting at home checking their email. This has led to cheap computers with
often horrendous technical support and minimal QA at the factory,
ridiculously simple minded security holes at gazzillions of urls, and a
relatively small percentage of decently made and easy to use sites, with an
even smaller percentage making at least a little bit of money.
Sorry for the rant. :)
Marty
Marty Landman Face 2 Interface Inc. 845-679-9387
Web Installed Formmailer: http://face2interface.com/Products/Formal.shtml
FormATable DB: http://face2interface.com/Products/FormATable.shtml
Make a Website: http://face2interface.com/Home/Demo.shtml
More information about the freebsd-questions
mailing list