WebApp Sec mailing list archives

Re: PHP session management

From: weigelt () metux de
Date: Tue, 28 Oct 2003 01:07:19 +0100

On Mon, Oct 27, 2003 at 06:12:37PM +0100, Boris Penck wrote:

<snip>

Use CGI-PHP (with suexec) in a multi-user environment. With that
configuration each user (and PHP) has it's own UID. Playing with chroot
in suexec is a plus on security and your session files might be safe.


If you're working w/ apache2, you can also use metuxmpm:
http://www.metux.de/projects/mpm/


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT services

 phone:     +49 36207 519931         www:       http://www.metux.de/     
 fax:       +49 36207 519932         email:     contact () metux de
 cellphone: +49 174 7066481          
---------------------------------------------------------------------
 Diese Mail wurde mit UUCP versandt.      http://www.metux.de/uucp/

Current thread:

PHP session management Gavin Zuchlinski (Oct 26)
- Re: PHP session management Matt Rohrer (Oct 26)
- Re: PHP session management Tommy Gildseth (Oct 26)
  - Re: PHP session management Gavin Zuchlinski (Oct 26)
    - Re: PHP session management Hokkaido (Oct 27)
  - Re: PHP session management Gavin Zuchlinski (Oct 27)
- Re: PHP session management Boris Penck (Oct 27)
  - Re: PHP session management weigelt (Oct 28)
    - Re: PHP session management Ivan Ristic (Oct 28)
- <Possible follow-ups>
- RE: PHP session management Tyler Larson (Oct 27)