Board index   FAQ   Search  
Register  Login
Board index System Administration Server security

Security behind virtualhosts with enabled php

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

Security behind virtualhosts with enabled php

Postby mss » Fri Feb 22, 2013 11:32 am

Hi people,
I create 2 Virtual Hosts for 2 projects
/var/www/project1 and /var/www/project2
if I call in the navigator project1.eg.com work fun
if I call project2.eg.com work fun too,
BUT

Suppose the Project1 is maintained by a malicious php programmer, programmer and this commit solve a script that takes a reading from the /var/www/project2 to check the files contained therein? this is possible since the apache needs to read and execute permissions on the directories of projects.

How do I make it safe?

The same happens when I enable php in home user, eg.
/home/project1/public_html ==> projects.eg.com/~project1
/home/project2/public_html ==> projects.eg.com/~project2

A script any Project1 can do a scan in the archives of Project2.
A script project1 can scan files in the project2.

Thanks
mss
New php-forum User
New php-forum User
 
Posts: 1
Joined: Fri Feb 22, 2013 11:25 am

Return to Server security

Who is online

Users browsing this forum: No registered users and 0 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.