public inbox for gentoo-user@lists.gentoo.org
* RE: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them
From: Nelson, David (ED, PAR&D) @ 2007-02-23 10:08 UTC
  To: gentoo-user


> -----Original Message-----
> From: Alan McKinnon [mailto:alan@linuxholdings.co.za]
> Sent: 23 February 2007 07:17
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] OT - Some miscellanous questions about hack
> attacks and dealing with them
> 
> 
> The problem is that php enables every kid and his dog to put an
> interactive site up on the net. So, every kid and his dog does. All the
> while making coding mistakes that open holes. Forum software seems
> especially prone.
>
> Apache and php_mod themselves are as safe as is reasonable, at least I
> haven't seen many weaknesses reported on those two packages. To know if
> you should be taking extra security precautions, watch for security
> advisories about the php apps you have running
> 

Forgive my ignorance if I'm incorrect - but I was told at one point by a friend who runs a few servers and sites that if an app won't run in PHP Safe Mode then he won't run it at all.
http://us2.php.net/features.safe-mode

I'm not a PHP expert by any means so I can't definitively say "use safe mode" but if people are looking to lock down a server it may be worth a peek.


OT: Also, my name is "David Nelson" not "Nelson David". Don't blame me - it's a work email account and they have our names Surname, Forename all over the place. :P I've just seen people refer to me as "Nelson" sometimes ... ;-)

--
djn

I do not represent anyone else in emails I send to this list.