WebApp Sec mailing list archives
Re: PHP session management
From: Ivan Ristic <ivanr () webkreator com>
Date: Tue, 28 Oct 2003 16:11:59 +0000
Use CGI-PHP (with suexec) in a multi-user environment. With that configuration each user (and PHP) has its own UID. Playing with chroot in suexec is a plus on security and your session files might be safe.

If you're working w/ apache2, you can also use metuxmpm: http://www.metux.de/projects/mpm/

Or, if you have to use Apache1, use the FastCGI module (you will then be able to have a copy of PHP per user or per host). You get the speed of a module and security of suexec (it can actually use suexec internally to start PHP instances).

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
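
A check for the property the advice above depends on (each user's session files owned by that user's UID and closed to every other local account), as an added example that is not part of the original post. It assumes PHP's default file-based session handler, which names files `sess_<id>`; the function names and the sample directory are hypothetical and constructed.

```python
import os
import stat
import tempfile

OTHERS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_session_dir(path, expected_uid):
    """Return (path, problem) pairs for session storage other UIDs could reach."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append((path, "directory owned by a different UID"))
    if st.st_mode & OTHERS:
        findings.append((path, "directory accessible by group or other"))
    for name in sorted(os.listdir(path)):
        if not name.startswith("sess_"):  # assumed default PHP file naming
            continue
        full = os.path.join(path, name)
        fst = os.lstat(full)  # lstat: do not follow a planted symlink
        if stat.S_ISLNK(fst.st_mode):
            findings.append((full, "session file is a symlink"))
            continue
        if fst.st_uid != expected_uid:
            findings.append((full, "owned by a different UID"))
        if fst.st_mode & OTHERS:
            findings.append((full, "accessible by group or other"))
    return findings


def demo():
    """Constructed sample: one private session file and one world-readable one."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        for name, mode in (("sess_aaa", 0o600), ("sess_bbb", 0o644)):
            full = os.path.join(d, name)
            with open(full, "w") as f:
                f.write('user|s:5:"alice";')  # constructed session payload
            os.chmod(full, mode)
        results = audit_session_dir(d, os.getuid())
        return [(os.path.basename(p), why) for p, why in results]


if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```

Run against a real save path, pass the UID that suexec or the per-user FastCGI instance runs as; under a single shared web-server UID every file passes the ownership test while still being readable by every other user's scripts, which is the case the per-user setups above avoid.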