Security Basics mailing list archives
Very basic security question:
From: "Ing. Bernardo Lopez" <bloodk () prodigy net mx>
Date: 21 Jan 2003 05:33:41 +0000
How secure could be my webserver if i allow some php scripts to modify the file (directly) /etc/passwd & /etc/shadow but my script will only allow to modify the line of the loged user (like userid=visitor, then he only can see/modify visitor's line)?? It is secure, if i enforce very enougth the security of the script... or this stills being a stupid option? Also if i use that script only for modify the permisions of ftp's users it stills unsecure? (if the ftpd runs whit a very unpriviligiated uid?) Thanks in advance
Current thread:
- RE: Internet Cafe, (continued)
- RE: Internet Cafe Jason Dixon (Jan 20)
- Re[2]: Internet Cafe Malte von dem Hagen (Jan 21)
- Re: Internet Cafe Igor D. Spivak (Jan 21)
- RE: Internet Cafe Stephen A. Santos (Jan 17)
- RE: Internet Cafe DeNoyer, Rick (Jan 17)
- RE: Internet Cafe Ogden, Earl (Jan 17)
- RE: Internet Cafe Paul Baugher (Jan 17)
- RE: Internet Cafe squid (Jan 19)
- RE: Internet Cafe Terry Peterson (Jan 19)
- RE: Internet Cafe Gunn, Jeff (Jan 21)
- Very basic security question: Ing. Bernardo Lopez (Jan 23)
- Re: Very basic security question: Diego Figueroa (Jan 24)
- Re: Very basic security question: Brad Arlt (Jan 24)
- Message not available
- Re: Very basic security question: Brad Arlt (Jan 27)
- Very basic security question: Ing. Bernardo Lopez (Jan 23)