On Wed, May 29, 2002 at 11:59:44AM -0400, Jeff Dafoe wrote: > > I don't understand what risks there are to the server and > > machine as a whole, such that the server owner should be > > reluctant to enable this feature. Could someone please tell > > me what are the risks and how are these risks controlled in > > typical "good" use of suEXEC? > to run in a mass hosting environment under apache without the use of suexec. > Running end users' CGIs as the same user as the web server is asking for > problems, IMHO. Suexec, when improperly configured, can create a security ( && helo Glynn Long time no stream too.. ;-)) Anyways suexec is_a_helper. I would agree with you that suexec is a good thing. It helps babysit if you like is all. But it is not a universal solvent. Nothing really is.. 'suexec helps fix common issues with scripts other than the actual guts of cgi-script itself.' I would agree with you as well that it lends to a added layer of abstracted web security if you will. whew:-) Is anyone using cgiwrap that is also familiar with suexec? Would like to know their opinions on the comparison. Best Regards, dreamwvrat_private
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 12:08:19 PDT