Keeping the webserver safe
Hi.
I have a webserver running with a couple of users as virtual hosts in
Apache.
I read this article from IBM
http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html
(look for "Guard your filesystem") and testet the PHP script on an Etch
installation, and the script serves files such as /etc/passwd and
others.
What is the best and correct way to protect the server from users who
might upload such a script on their web directory?
I don't want to run Apache in a chroot.
Best regards.
Rico
Reply to: