WebApp Sec mailing list archives

Re: PHP session management


From: Ivan Ristic <ivanr () webkreator com>
Date: Tue, 28 Oct 2003 16:11:59 +0000


Use CGI-PHP (with suexec) in a multi-user environment. With that
configuration each user (and PHP) has its own UID. Playing with chroot
in suexec is a plus on security and your session files might be safe.

If you're working w/ apache2, you can also use metuxmpm:
http://www.metux.de/projects/mpm/

  Or, if you have to use Apache1, use the FastCGI module (you
  will then be able to have a copy of PHP per user or per host). You
  get the speed of a module and security of suexec (it can actually
  use suexec internally to start PHP instances).

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
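
Added example, not part of the original message: a Python check that a PHP session directory is private to the UID that suexec runs one user's PHP under. It assumes a per-user session directory and the `sess_` file prefix of PHP's file-based session handler; the sample directory and session file are constructed.

```python
import os
import stat
import tempfile

SHARED_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_session_dir(path, expected_uid):
    """Return findings for a session directory that should be private to
    expected_uid (the account this user's PHP runs as under suexec)."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & SHARED_BITS:
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} allows group/other")
    for name in sorted(os.listdir(path)):
        if not name.startswith("sess_"):  # only PHP session files
            continue
        full = os.path.join(path, name)
        fst = os.lstat(full)  # lstat: do not follow a planted symlink
        if not stat.S_ISREG(fst.st_mode):
            findings.append(f"{full}: not a regular file")
            continue
        if fst.st_uid != expected_uid:
            findings.append(f"{full}: owned by uid {fst.st_uid}, expected {expected_uid}")
        if fst.st_mode & SHARED_BITS:
            findings.append(f"{full}: mode {stat.S_IMODE(fst.st_mode):04o} allows group/other")
    return findings


def build_constructed_demo():
    """Constructed sample: a 0700 directory holding one 0600 session file."""
    d = tempfile.mkdtemp(prefix="php_sessions_")
    os.chmod(d, 0o700)
    f = os.path.join(d, "sess_constructedexample0001")
    with open(f, "w") as fh:
        fh.write('user|s:5:"alice";')
    os.chmod(f, 0o600)
    return d, f


if __name__ == "__main__":
    demo_dir, demo_file = build_constructed_demo()
    print(audit_session_dir(demo_dir, os.getuid()))  # private layout
    os.chmod(demo_file, 0o644)                       # loosen the file
    print(audit_session_dir(demo_dir, os.getuid()))
```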

