[plug] [OT] Password security with shared web hosting

Cameron Patrick cameron at patrick.wattle.id.au
Wed Aug 25 21:23:23 WST 2004


James Devenish wrote:

> raw code of scripts of neighbouring co-hosted sites. One such situation
> would be a UNIX Apache host -- the daemon runs as a particular UNIX user
> with access to everyone's files. In the case of module-based scripts
> (PHP would be a paragon of this, as contrasted with CGI), everybody's
> scripts run as the same UNIX user and can thus have privileges to snoop
> on each other's source code. In many cases, this source code may contain
> passwords for database services. As I understand it, the only security

I think a lot of shared hosting providers use mod_somethingorother in
which scripts run as the user that owns them (unless they're root-owned).

Cameron.




More information about the plug mailing list