Security behind virtualhosts with enabled php

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

mss
New php-forum User
New php-forum User
Posts: 1
Joined: Fri Feb 22, 2013 11:25 am

Security behind virtualhosts with enabled php

Postby mss » Fri Feb 22, 2013 11:32 am

Hi people,
I create 2 Virtual Hosts for 2 projects
/var/www/project1 and /var/www/project2
if I call in the navigator project1.eg.com work fun
if I call project2.eg.com work fun too,
BUT

Suppose the Project1 is maintained by a malicious php programmer, programmer and this commit solve a script that takes a reading from the /var/www/project2 to check the files contained therein? this is possible since the apache needs to read and execute permissions on the directories of projects.

How do I make it safe?

The same happens when I enable php in home user, eg.
/home/project1/public_html ==> projects.eg.com/~project1
/home/project2/public_html ==> projects.eg.com/~project2

A script any Project1 can do a scan in the archives of Project2.
A script project1 can scan files in the project2.

Thanks

Return to “Server security”

Who is online

Users browsing this forum: No registered users and 0 guests