[plug] [OT] Password security with shared web hosting
James Devenish
devenish at guild.uwa.edu.au
Wed Aug 25 21:36:25 WST 2004
In message <20040825132323.GA21943 at cp.yi.org>
on Wed, Aug 25, 2004 at 09:23:23PM +0800, Cameron Patrick wrote:
> I think a lot of shared hosting providers use mod_somethingorother in
> which scripts run as the user that owns them (unless they're root-owned).
Hmm, okay, thanks. If anyone knows of such free modules for Apache 1
and Apache 2, and has any comments to make about such mass hosting
arrangements from a sysadmin perspective, I would be interested to
know. Now, if only users would stop uploading files with world-write
permissions!
PS. Addenda:
In message <20040825132040.GA4668 at mail.guild.uwa.edu.au>
on Wed, Aug 25, 2004 at 09:20:40PM +0800, James Devenish wrote:
> on each other's source code. In many cases, this source code may contain
s/source code/source code or configuration files/g
> - Using authentication systems where the user-supplied credentials are
> both necessary and sufficient, so that breach of the source code is
> insufficient to breach the databases.
Alternatively, having user-supplied credentials controlling access to a
secondary set of shared credentials, and allowing access to the database
through those secondary credentials.
More information about the plug
mailing list