Security Basics mailing list archives

Re: Apache: limiting the execution place


From: Jonas Acres <jonas () nokel org>
Date: Tue, 17 Jun 2003 09:25:49 -0700

I apologize if I misunderstood anything here...

I believe the idea is to protect the Defender's raw PHP/Perl/whatever code
from the Attacker, who also has an account on the server. If Defender's
public_html directory is world-readable, Attacker can SSH/telnet/whatever in
and take it.

If Defender's public_html directory is only readable by her and httpd, then
the only way to the file is through the web server.

The web server won't ever send out raw code if it's set up properly -- it'll
parse the code, and send out the HTML output. So going through the web
server is useless to Attacker.

Jonas

On 2003-06-17 02:16, "exon" <exon () home se> wrote:

I don't quite see the point, or I've misunderstood what you're asking for.
Do you want to block local users from seeing what global users can? What
hinders the local users from getting it anyway through the webserver
instead?

/Andy
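
A check for the permission scheme described in the message above, as an added example that is not part of the original thread: it flags anything under a public_html tree that other local users can reach, and anything not owned by the web server's group. The function names are hypothetical, and the group argument is an assumption (whatever group httpd runs as on the host).

```shell
#!/bin/sh
# Added example: audit a public_html tree so that only its owner and the
# web server's group can reach it. Function names are hypothetical.

# Print every path under $1 that grants read, write or search/execute
# permission to "other" (any local account that is neither owner nor group).
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print every path under $1 whose group is not $2 (name or numeric gid).
# $2 is assumed to be the group the httpd process runs as.
wrong_group() {
    find "$1" ! -group "$2" -print
}

# Return 0 when the tree is closed to other users and group-owned by $2,
# 1 otherwise. Findings are printed for the administrator.
audit_public_html() {
    dir=$1
    grp=$2
    status=0
    open=$(world_accessible "$dir")
    stray=$(wrong_group "$dir" "$grp")
    if [ -n "$open" ]; then
        printf 'accessible to other local users:\n%s\n' "$open"
        status=1
    fi
    if [ -n "$stray" ]; then
        printf 'not owned by group %s:\n%s\n' "$grp" "$stray"
        status=1
    fi
    return "$status"
}

# Stand-alone use: audit.sh /home/defender/public_html <httpd-group>
if [ "$#" -ge 2 ]; then
    audit_public_html "$1" "$2"
fi
```
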



