WebApp Sec mailing list archives
Re: PHP session management
From: weigelt () metux de
Date: Tue, 28 Oct 2003 01:07:19 +0100
On Mon, Oct 27, 2003 at 06:12:37PM +0100, Boris Penck wrote: <snip>
Use CGI-PHP (with suexec) in a multi-user environment. With that configuration each user (and PHP) has it's own UID. Playing with chroot in suexec is a plus on security and your session files might be safe.
If you're working w/ apache2, you can also use metuxmpm: http://www.metux.de/projects/mpm/ cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT services phone: +49 36207 519931 www: http://www.metux.de/ fax: +49 36207 519932 email: contact () metux de cellphone: +49 174 7066481 --------------------------------------------------------------------- Diese Mail wurde mit UUCP versandt. http://www.metux.de/uucp/
Current thread:
- PHP session management Gavin Zuchlinski (Oct 26)
- Re: PHP session management Matt Rohrer (Oct 26)
- Re: PHP session management Tommy Gildseth (Oct 26)
- Re: PHP session management Gavin Zuchlinski (Oct 26)
- Re: PHP session management Hokkaido (Oct 27)
- Re: PHP session management Gavin Zuchlinski (Oct 27)
- Re: PHP session management Gavin Zuchlinski (Oct 26)
- Re: PHP session management Boris Penck (Oct 27)
- Re: PHP session management weigelt (Oct 28)
- Re: PHP session management Ivan Ristic (Oct 28)
- Re: PHP session management weigelt (Oct 28)
- <Possible follow-ups>
- RE: PHP session management Tyler Larson (Oct 27)