Full Disclosure mailing list archives
Re: securing php
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 19 Aug 2003 21:08:40 -0500
--On Tuesday, August 19, 2003 20:10:48 -0400 Michael Gale <michael () bluesuperman com> wrote:
# User nobody Group #-1 </IfModule> </IfModule> --snip-- I am not sure if the windows version has this option - it may have something similar.
I'm not sure why you would *want* to run Apache on Windows, but I'm certain that it would have the same options as *nix where possible. If you're insistent in running a web server on Windows, Apache is probably the better choice, though.
The problem with Windows is that the concept of running servers as unprivileged users or starting a daemon as root and then dropping privileges doesn't correspond one to one with the *nix security model.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- securing php Justin Shin (Aug 19)
- Re: securing php Michael Gale (Aug 19)
- Re: securing php Paul Schmehl (Aug 19)
- Re: securing php Larry W. Cashdollar (Aug 19)
- Re: securing php Evan Nemerson (Aug 20)
- Re: securing php jeremy (Aug 20)
- <Possible follow-ups>
- RE: securing php Rainer Gerhards (Aug 20)
- Re: securing php Michael Gale (Aug 19)