Security Basics mailing list archives
Fw: About malicious java sciprt running...
From: "GUs" <rootz () fibertel com ar>
Date: Tue, 9 Dec 2003 20:14:55 -0300
In fact, if Global Variables is set to "YES" in your php config, then you have a big problem, because the $a variable could be, i.e.: http://host.com/file.php?var=../../../../etc/passwd

This issue depends on your entire system configuration.

1) Restrict the permissions that your script could invoke. There are a few lines in your config file to do that.
2) Chrooting APACHE will give you more security and it is a good practice in web-server security even if an "attacker" has compromised your system. But there is always more :).
3) Read http://www.linuxsecurity.com/articles/documentation_article-5788.html to learn about secure programming techniques in php.

There are a lot of techniques to protect your webserver and good secure programming, but this is "security-basics" and all this could be enough for now.

Keep your eyes open and your mind free. Review your code 1000 times. Protect your network. Watch out with your Routers. Patch it all. :)

cheers,
(EthNic) Gustavo T.
IT-Student & Tech support.
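An added example, not part of the original message, of a check that refuses the `?var=../../../../etc/passwd` request quoted above: the name is filtered against an allowlist pattern and the resolved path must stay inside a base directory. The helper `resolve_page()`, the `.html` page layout and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example: not code from the original thread.
// Hypothetical helper: map a user-supplied name to a file under $baseDir,
// or return null when the request does not stay inside that directory.
function resolve_page(string $baseDir, string $name): ?string
{
    // Allowlist: plain names only, so "../", "/", NUL bytes and URLs fail here.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks; it returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.html');
    if ($path === false) {
        return null;
    }
    // Containment check: the resolved path must still begin with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// In a web script the value would be read explicitly, e.g. $_GET['var'],
// never taken from a variable that the request itself can create.

// Constructed demo: a throwaway pages directory and several sample inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/home.html', '<p>home</p>');
// A symlink with a harmless-looking name that points outside the directory.
@symlink('/etc/passwd', $dir . '/escape.html');

$samples = ['home', '../../../../etc/passwd', 'escape', "home\0x", 'missing'];
foreach ($samples as $input) {
    $result = resolve_page($dir, $input);
    printf("%-30s => %s\n", json_encode($input),
        $result === null ? 'rejected' : 'served');
}

// Clean up the constructed files.
@unlink($dir . '/escape.html');
unlink($dir . '/home.html');
rmdir($dir);
```

Only `home` is served; the traversal string and the NUL-byte name fail the allowlist, the symlink passes the allowlist but fails the containment check, and the missing page fails `realpath()`.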