Posted to cvs@httpd.apache.org by rb...@apache.org on 2002/11/07 03:44:08 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/misc security_tips.html
rbowen 2002/11/06 18:44:08
Modified: htdocs/manual/misc security_tips.html
Log:
As per discussion on users@httpd.apache.org and a little on IRC, a bit
of clarification about "third party" modules and the permissions with
which they access files.
Revision Changes Path
1.30 +14 -0 httpd-docs-1.3/htdocs/manual/misc/security_tips.html
Index: security_tips.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- security_tips.html 19 Jan 2002 17:45:12 -0000 1.29
+++ security_tips.html 7 Nov 2002 02:44:08 -0000 1.30
@@ -27,6 +27,8 @@
<li><a href="#cgi">CGI in General</a></li>
+ <li><a href="#dynamic">Other sources of dynamic content</a></li>
+
<li><a href="#systemsettings">Protecting System
Settings</a></li>
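Review bot: the new table-of-contents entry is in sentence case ("Other sources of dynamic content"), while the neighbouring entries "CGI in General" and "Protecting System Settings" are in title case. Suggest "Other Sources of Dynamic Content" here and in the matching h2 in the second hunk, so the link text and heading stay identical and consistent with the rest of the list.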
@@ -188,6 +190,18 @@
code. Another popular way of doing this is with <a
href="http://wwwcgi.umr.edu/~cgiwrap/">CGIWrap</a>.</p>
<hr />
+
+ <h2><a id="dynamic" name="dynamic">Other sources of dynamic
+ content</a></h2>
+
+<p>Embedded scripting options which run as part of the server itself, such
+as mod_php, mod_perl, mod_tcl, and mod_python, run under the identify of
+the server itself, (see the <a href="../mod/core.html#user">User</a>
+directive) and therefore scripts executed by these engines
+potentially can access anything the server user can. some scripting
+engines may provide restrictions, but it is better to be safe and assume
+not.</p>
+<hr />
<h2><a id="systemsettings" name="systemsettings">Protecting
System Settings</a></h2>
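Review bot: the added paragraph has wording slips that weaken a security-relevant statement. "run under the identify of the server itself" should read "identity", the sentence starting "some scripting engines" needs a capital S, and the comma before "(see the User directive)" is stray. "the server itself" also appears twice in the first sentence; the second occurrence can be shortened to "the server". The closing advice "it is better to be safe and assume not" is vague about what to assume; suggest spelling it out, for example "assume that such scripts can read and write anything the server user can", so the reader knows which permissions to review.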