[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ProgSoc] Looking down apache on a windows system.



Thanks for that.

I already run php as a module. The main problem I've found is running apache
on windows with the default user, this account has "root" access to the
entire windows systems.

I've since added an "apache" user on windows and will go from there.

Although in the end I plan on moving everything over to my freebsd box as
the windows permissions just cannot do what I need done.

Michael.

On 9/3/05 6:06 AM, "chlaught@xxxxxxxxxxxx" <chlaught@xxxxxxxxxxxx> wrote:

> Hey Michael,
> 
> I've got a windows box at home too, I think the possible security problem
> had to do if you were running php as an CGI script, as opposed to an
> module in apache.
> If you've got a free computer though, get debian and put it on, works a
> breeze :), Alot easier for people to manage there personal webspace as
> well in terms of permissions etc.
> Cheers,
> 
> Chris
> 
>> Hey everyone,
>> 
>> I run a few small websites off a windows (don't kill me) box with
>> apache. I have heard from some people that there maybe an attempt to
>> hack my system through the use of a cgi script.
>> 
>> I give ftp access to every user with there own space. Each website is
>> running as a virtual host. They have access to upload to their own
>> cgi-bin folder.
>> 
>> Is there anything I can do to lock it down?
>> 
>> Thanks,
>> Michael.
>> 
>> 
>> -
>> You are subscribed to the progsoc mailing list. To unsubscribe, send a
>> message containing "unsubscribe" to progsoc-request@xxxxxxxxxxxxxxxxxxx
>> If you are having trouble, ask owner-progsoc@xxxxxxxxxxxxxxxxxx for
>> help.
> 
> 
> 
> 
> -
> You are subscribed to the progsoc mailing list. To unsubscribe, send a
> message containing "unsubscribe" to progsoc-request@xxxxxxxxxxxxxxxxxxx
> If you are having trouble, ask owner-progsoc@xxxxxxxxxxxxxxxxxx for help.

-- 





-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@xxxxxxxxxxxxxxxxxxx
If you are having trouble, ask owner-progsoc@xxxxxxxxxxxxxxxxxx for help.